1 /* 2 * ntp_io.c - input/output routines for ntpd. The socket-opening code 3 * was shamelessly stolen from ntpd. 4 */ 5 6 #ifdef HAVE_CONFIG_H 7 # include <config.h> 8 #endif 9 10 #include <stdio.h> 11 #include <signal.h> 12 #ifdef HAVE_FNMATCH_H 13 # include <fnmatch.h> 14 # if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE) 15 # define FNM_CASEFOLD FNM_IGNORECASE 16 # endif 17 #endif 18 #ifdef HAVE_SYS_PARAM_H 19 # include <sys/param.h> 20 #endif 21 #ifdef HAVE_SYS_IOCTL_H 22 # include <sys/ioctl.h> 23 #endif 24 #ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */ 25 # include <sys/sockio.h> 26 #endif 27 #ifdef HAVE_SYS_UIO_H 28 # include <sys/uio.h> 29 #endif 30 31 #include "ntp_machine.h" 32 #include "ntpd.h" 33 #include "ntp_io.h" 34 #include "iosignal.h" 35 #include "ntp_lists.h" 36 #include "ntp_refclock.h" 37 #include "ntp_stdlib.h" 38 #include "ntp_worker.h" 39 #include "ntp_request.h" 40 #include "ntp_assert.h" 41 #include "timevalops.h" 42 #include "timespecops.h" 43 #include "ntpd-opts.h" 44 #include "safecast.h" 45 46 /* Don't include ISC's version of IPv6 variables and structures */ 47 #define ISC_IPV6_H 1 48 #include <isc/mem.h> 49 #include <isc/interfaceiter.h> 50 #include <isc/netaddr.h> 51 #include <isc/result.h> 52 #include <isc/sockaddr.h> 53 54 #ifdef SIM 55 #include "ntpsim.h" 56 #endif 57 58 #ifdef HAS_ROUTING_SOCKET 59 # include <net/route.h> 60 # ifdef HAVE_RTNETLINK 61 # include <linux/rtnetlink.h> 62 # endif 63 #endif 64 65 /* 66 * setsockopt does not always have the same arg declaration 67 * across all platforms. If it's not defined we make it empty 68 */ 69 70 #ifndef SETSOCKOPT_ARG_CAST 71 #define SETSOCKOPT_ARG_CAST 72 #endif 73 74 extern int listen_to_virtual_ips; 75 76 #ifndef IPTOS_DSCP_EF 77 #define IPTOS_DSCP_EF 0xb8 78 #endif 79 int qos = IPTOS_DSCP_EF; /* QoS RFC3246 */ 80 81 #ifdef LEAP_SMEAR 82 /* TODO burnicki: This should be moved to ntp_timer.c, but if we do so 83 * we get a linker error. Since we're running out of time before the leap 84 * second occurs, we let it here where it just works. 85 */ 86 int leap_smear_intv; 87 #endif 88 89 /* 90 * NIC rule entry 91 */ 92 typedef struct nic_rule_tag nic_rule; 93 94 struct nic_rule_tag { 95 nic_rule * next; 96 nic_rule_action action; 97 nic_rule_match match_type; 98 char * if_name; 99 sockaddr_u addr; 100 int prefixlen; 101 }; 102 103 /* 104 * NIC rule listhead. Entries are added at the head so that the first 105 * match in the list is the last matching rule specified. 106 */ 107 nic_rule *nic_rule_list; 108 109 110 #if defined(SO_BINTIME) && defined(SCM_BINTIME) && defined(CMSG_FIRSTHDR) 111 # define HAVE_PACKET_TIMESTAMP 112 # define HAVE_BINTIME 113 # ifdef BINTIME_CTLMSGBUF_SIZE 114 # define CMSG_BUFSIZE BINTIME_CTLMSGBUF_SIZE 115 # else 116 # define CMSG_BUFSIZE 1536 /* moderate default */ 117 # endif 118 #elif defined(SO_TIMESTAMPNS) && defined(SCM_TIMESTAMPNS) && defined(CMSG_FIRSTHDR) 119 # define HAVE_PACKET_TIMESTAMP 120 # define HAVE_TIMESTAMPNS 121 # ifdef TIMESTAMPNS_CTLMSGBUF_SIZE 122 # define CMSG_BUFSIZE TIMESTAMPNS_CTLMSGBUF_SIZE 123 # else 124 # define CMSG_BUFSIZE 1536 /* moderate default */ 125 # endif 126 #elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP) && defined(CMSG_FIRSTHDR) 127 # define HAVE_PACKET_TIMESTAMP 128 # define HAVE_TIMESTAMP 129 # ifdef TIMESTAMP_CTLMSGBUF_SIZE 130 # define CMSG_BUFSIZE TIMESTAMP_CTLMSGBUF_SIZE 131 # else 132 # define CMSG_BUFSIZE 1536 /* moderate default */ 133 # endif 134 #else 135 /* fill in for old/other timestamp interfaces */ 136 #endif 137 138 #if defined(SYS_WINNT) 139 #include "win32_io.h" 140 #include <isc/win32os.h> 141 #endif 142 143 /* 144 * We do asynchronous input using the SIGIO facility. A number of 145 * recvbuf buffers are preallocated for input. In the signal 146 * handler we poll to see which sockets are ready and read the 147 * packets from them into the recvbuf's along with a time stamp and 148 * an indication of the source host and the interface it was received 149 * through. This allows us to get as accurate receive time stamps 150 * as possible independent of other processing going on. 151 * 152 * We watch the number of recvbufs available to the signal handler 153 * and allocate more when this number drops below the low water 154 * mark. If the signal handler should run out of buffers in the 155 * interim it will drop incoming frames, the idea being that it is 156 * better to drop a packet than to be inaccurate. 157 */ 158 159 160 /* 161 * Other statistics of possible interest 162 */ 163 volatile u_long packets_dropped; /* total number of packets dropped on reception */ 164 volatile u_long packets_ignored; /* packets received on wild card interface */ 165 volatile u_long packets_received; /* total number of packets received */ 166 u_long packets_sent; /* total number of packets sent */ 167 u_long packets_notsent; /* total number of packets which couldn't be sent */ 168 169 volatile u_long handler_calls; /* number of calls to interrupt handler */ 170 volatile u_long handler_pkts; /* number of pkts received by handler */ 171 u_long io_timereset; /* time counters were reset */ 172 173 /* 174 * Interface stuff 175 */ 176 endpt * any_interface; /* wildcard ipv4 interface */ 177 endpt * any6_interface; /* wildcard ipv6 interface */ 178 endpt * loopback_interface; /* loopback ipv4 interface */ 179 180 static isc_boolean_t broadcast_client_enabled; 181 u_int sys_ifnum; /* next .ifnum to assign */ 182 int ninterfaces; /* Total number of interfaces */ 183 184 int no_periodic_scan; /* network endpoint scans */ 185 int scan_addrs_once; /* because dropped privs */ 186 int nonlocal_v4_addr_up; /* should we try IPv4 pool? */ 187 int nonlocal_v6_addr_up; /* should we try IPv6 pool? */ 188 189 #ifdef REFCLOCK 190 /* 191 * Refclock stuff. We keep a chain of structures with data concerning 192 * the guys we are doing I/O for. 193 */ 194 static struct refclockio *refio; 195 #endif /* REFCLOCK */ 196 197 /* 198 * File descriptor masks etc. for call to select 199 * Not needed for I/O Completion Ports or anything outside this file 200 */ 201 static fd_set activefds; 202 static int maxactivefd; 203 204 /* 205 * bit alternating value to detect verified interfaces during an update cycle 206 */ 207 static u_short sys_interphase = 0; 208 209 static endpt * new_interface(endpt *); 210 static void add_interface(endpt *); 211 static int update_interfaces(u_short, interface_receiver_t, 212 void *); 213 static void remove_interface(endpt *); 214 static endpt * create_interface(u_short, endpt *); 215 216 static inline int is_wildcard_addr(const sockaddr_u *psau); 217 218 /* 219 * Multicast functions 220 */ 221 static isc_boolean_t addr_ismulticast (sockaddr_u *); 222 static isc_boolean_t is_anycast (sockaddr_u *, 223 const char *); 224 225 /* 226 * Not all platforms support multicast 227 */ 228 #ifdef MCAST 229 static isc_boolean_t socket_multicast_enable (endpt *, sockaddr_u *); 230 static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *); 231 #endif 232 233 #ifdef DEBUG 234 static void interface_dump (const endpt *); 235 static void print_interface (const endpt *, const char *, const char *); 236 #define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0) 237 #else 238 #define DPRINT_INTERFACE(level, args) do {} while (0) 239 #endif 240 241 typedef struct vsock vsock_t; 242 enum desc_type { FD_TYPE_SOCKET, FD_TYPE_FILE }; 243 244 struct vsock { 245 vsock_t * link; 246 SOCKET fd; 247 enum desc_type type; 248 }; 249 250 vsock_t *fd_list; 251 252 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 253 /* 254 * async notification processing (e. g. routing sockets) 255 */ 256 /* 257 * support for receiving data on fd that is not a refclock or a socket 258 * like e. g. routing sockets 259 */ 260 struct asyncio_reader { 261 struct asyncio_reader *link; /* the list this is being kept in */ 262 SOCKET fd; /* fd to be read */ 263 void *data; /* possibly local data */ 264 void (*receiver)(struct asyncio_reader *); /* input handler */ 265 }; 266 267 struct asyncio_reader *asyncio_reader_list; 268 269 static void delete_asyncio_reader (struct asyncio_reader *); 270 static struct asyncio_reader *new_asyncio_reader (void); 271 static void add_asyncio_reader (struct asyncio_reader *, enum desc_type); 272 static void remove_asyncio_reader (struct asyncio_reader *); 273 274 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 275 276 static void init_async_notifications (void); 277 278 static int addr_eqprefix (const sockaddr_u *, const sockaddr_u *, 279 int); 280 static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *, 281 const sockaddr_u *, const sockaddr_u *); 282 static int create_sockets (u_short); 283 static SOCKET open_socket (sockaddr_u *, int, int, endpt *); 284 static void set_reuseaddr (int); 285 static isc_boolean_t socket_broadcast_enable (endpt *, SOCKET, sockaddr_u *); 286 287 #if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO) 288 static char * fdbits (int, const fd_set *); 289 #endif 290 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 291 static isc_boolean_t socket_broadcast_disable (endpt *, sockaddr_u *); 292 #endif 293 294 typedef struct remaddr remaddr_t; 295 296 struct remaddr { 297 remaddr_t * link; 298 sockaddr_u addr; 299 endpt * ep; 300 }; 301 302 remaddr_t * remoteaddr_list; 303 endpt * ep_list; /* complete endpt list */ 304 endpt * mc4_list; /* IPv4 mcast-capable unicast endpts */ 305 endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */ 306 307 static endpt * wildipv4; 308 static endpt * wildipv6; 309 310 #define RFC3927_ADDR 0xa9fe0000 /* 169.254. */ 311 #define RFC3927_MASK 0xffff0000 312 #define IS_AUTOCONF(addr4) \ 313 ((SRCADR(addr4) & RFC3927_MASK) == RFC3927_ADDR) 314 315 #ifdef SYS_WINNT 316 int accept_wildcard_if_for_winnt; 317 #else 318 const int accept_wildcard_if_for_winnt = FALSE; 319 #define init_io_completion_port() do {} while (FALSE) 320 #endif 321 322 static void add_fd_to_list (SOCKET, enum desc_type); 323 static endpt * find_addr_in_list (sockaddr_u *); 324 static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32); 325 static void delete_addr_from_list (sockaddr_u *); 326 static void delete_interface_from_list(endpt *); 327 static void close_and_delete_fd_from_list(SOCKET, endpt *); 328 static void add_addr_to_list (sockaddr_u *, endpt *); 329 static void create_wildcards (u_short); 330 static endpt * findlocalinterface (sockaddr_u *, int, int); 331 static endpt * findclosestinterface (sockaddr_u *, int); 332 #ifdef DEBUG 333 static const char * action_text (nic_rule_action); 334 #endif 335 static nic_rule_action interface_action(char *, sockaddr_u *, u_int32); 336 static void convert_isc_if (isc_interface_t *, 337 endpt *, u_short); 338 static void calc_addr_distance(sockaddr_u *, 339 const sockaddr_u *, 340 const sockaddr_u *); 341 static int cmp_addr_distance(const sockaddr_u *, 342 const sockaddr_u *); 343 344 /* 345 * Routines to read the ntp packets 346 */ 347 #if !defined(HAVE_IO_COMPLETION_PORT) 348 static inline int read_network_packet (SOCKET, endpt *, l_fp); 349 static void ntpd_addremove_io_fd (int, int, int); 350 static void input_handler_scan (const l_fp*, const fd_set*); 351 static int/*BOOL*/ sanitize_fdset (int errc); 352 #ifdef REFCLOCK 353 static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp); 354 #endif 355 #ifdef HAVE_SIGNALED_IO 356 static void input_handler (l_fp*); 357 #endif 358 #endif 359 360 361 #ifndef HAVE_IO_COMPLETION_PORT 362 void 363 maintain_activefds( 364 int fd, 365 int closing 366 ) 367 { 368 int i; 369 370 if (fd < 0 || fd >= FD_SETSIZE) { 371 msyslog(LOG_ERR, 372 "Too many sockets in use, FD_SETSIZE %d exceeded by fd %d", 373 FD_SETSIZE, fd); 374 exit(1); 375 } 376 377 if (!closing) { 378 FD_SET(fd, &activefds); 379 maxactivefd = max(fd, maxactivefd); 380 } else { 381 FD_CLR(fd, &activefds); 382 if (maxactivefd && fd == maxactivefd) { 383 for (i = maxactivefd - 1; i >= 0; i--) 384 if (FD_ISSET(i, &activefds)) { 385 maxactivefd = i; 386 break; 387 } 388 INSIST(fd != maxactivefd); 389 } 390 } 391 } 392 #endif /* !HAVE_IO_COMPLETION_PORT */ 393 394 395 #ifdef DEBUG_TIMING 396 /* 397 * collect timing information for various processing 398 * paths. currently we only pass them on to the file 399 * for later processing. this could also do histogram 400 * based analysis in other to reduce the load (and skew) 401 * dur to the file output 402 */ 403 void 404 collect_timing(struct recvbuf *rb, const char *tag, int count, l_fp *dts) 405 { 406 char buf[256]; 407 408 snprintf(buf, sizeof(buf), "%s %d %s %s", 409 (rb != NULL) 410 ? ((rb->dstadr != NULL) 411 ? stoa(&rb->recv_srcadr) 412 : "-REFCLOCK-") 413 : "-", 414 count, lfptoa(dts, 9), tag); 415 record_timing_stats(buf); 416 } 417 #endif 418 419 /* 420 * About dynamic interfaces, sockets, reception and more... 421 * 422 * the code solves following tasks: 423 * 424 * - keep a current list of active interfaces in order 425 * to bind to to the interface address on NTP_PORT so that 426 * all wild and specific bindings for NTP_PORT are taken by ntpd 427 * to avoid other daemons messing with the time or sockets. 428 * - all interfaces keep a list of peers that are referencing 429 * the interface in order to quickly re-assign the peers to 430 * new interface in case an interface is deleted (=> gone from system or 431 * down) 432 * - have a preconfigured socket ready with the right local address 433 * for transmission and reception 434 * - have an address list for all destination addresses used within ntpd 435 * to find the "right" preconfigured socket. 436 * - facilitate updating the internal interface list with respect to 437 * the current kernel state 438 * 439 * special issues: 440 * 441 * - mapping of multicast addresses to the interface affected is not always 442 * one to one - especially on hosts with multiple interfaces 443 * the code here currently allocates a separate interface entry for those 444 * multicast addresses 445 * iff it is able to bind to a *new* socket with the multicast address (flags |= MCASTIF) 446 * in case of failure the multicast address is bound to an existing interface. 447 * - on some systems it is perfectly legal to assign the same address to 448 * multiple interfaces. Therefore this code does not keep a list of interfaces 449 * but a list of interfaces that represent a unique address as determined by the kernel 450 * by the procedure in findlocalinterface. Thus it is perfectly legal to see only 451 * one representative of a group of real interfaces if they share the same address. 452 * 453 * Frank Kardel 20050910 454 */ 455 456 /* 457 * init_io - initialize I/O module. 458 */ 459 void 460 init_io(void) 461 { 462 /* Init buffer free list and stat counters */ 463 init_recvbuff(RECV_INIT); 464 /* update interface every 5 minutes as default */ 465 endpt_scan_period = 301; 466 467 #ifdef WORK_PIPE 468 addremove_io_fd = &ntpd_addremove_io_fd; 469 #endif 470 471 init_io_completion_port(); 472 #if defined(HAVE_SIGNALED_IO) 473 (void) set_signal(input_handler); 474 #endif 475 } 476 477 478 static void 479 ntpd_addremove_io_fd( 480 int fd, 481 int is_pipe, 482 int remove_it 483 ) 484 { 485 UNUSED_ARG(is_pipe); 486 487 #ifdef HAVE_SIGNALED_IO 488 if (!remove_it) 489 init_socket_sig(fd); 490 #endif /* not HAVE_SIGNALED_IO */ 491 492 maintain_activefds(fd, remove_it); 493 } 494 495 496 /* 497 * io_open_sockets - call socket creation routine 498 */ 499 void 500 io_open_sockets(void) 501 { 502 static int already_opened; 503 504 if (already_opened || HAVE_OPT( SAVECONFIGQUIT )) 505 return; 506 507 already_opened = 1; 508 509 /* 510 * Create the sockets 511 */ 512 BLOCKIO(); 513 create_sockets(NTP_PORT); 514 UNBLOCKIO(); 515 516 init_async_notifications(); 517 518 DPRINTF(3, ("io_open_sockets: maxactivefd %d\n", maxactivefd)); 519 } 520 521 522 #ifdef DEBUG 523 /* 524 * function to dump the contents of the interface structure 525 * for debugging use only. 526 * We face a dilemma here -- sockets are FDs under POSIX and 527 * actually HANDLES under Windows. So we use '%lld' as format 528 * and cast the value to 'long long'; this should not hurt 529 * with UNIX-like systems and does not truncate values on Win64. 530 */ 531 void 532 interface_dump(const endpt *itf) 533 { 534 printf("Dumping interface: %p\n", itf); 535 printf("fd = %lld\n", (long long)itf->fd); 536 printf("bfd = %lld\n", (long long)itf->bfd); 537 printf("sin = %s,\n", stoa(&itf->sin)); 538 printf("bcast = %s,\n", stoa(&itf->bcast)); 539 printf("mask = %s,\n", stoa(&itf->mask)); 540 printf("name = %s\n", itf->name); 541 printf("flags = 0x%08x\n", itf->flags); 542 printf("last_ttl = %d\n", itf->last_ttl); 543 printf("addr_refid = %08x\n", itf->addr_refid); 544 printf("num_mcast = %d\n", itf->num_mcast); 545 printf("received = %ld\n", itf->received); 546 printf("sent = %ld\n", itf->sent); 547 printf("notsent = %ld\n", itf->notsent); 548 printf("ifindex = %u\n", itf->ifindex); 549 printf("peercnt = %u\n", itf->peercnt); 550 printf("phase = %u\n", itf->phase); 551 } 552 553 554 /* 555 * print_interface - helper to output debug information 556 */ 557 static void 558 print_interface(const endpt *iface, const char *pfx, const char *sfx) 559 { 560 printf("%sinterface #%d: fd=%lld, bfd=%lld, name=%s, flags=0x%x, ifindex=%u, sin=%s", 561 pfx, 562 iface->ifnum, 563 (long long)iface->fd, 564 (long long)iface->bfd, 565 iface->name, 566 iface->flags, 567 iface->ifindex, 568 stoa(&iface->sin)); 569 if (AF_INET == iface->family) { 570 if (iface->flags & INT_BROADCAST) 571 printf(", bcast=%s", stoa(&iface->bcast)); 572 printf(", mask=%s", stoa(&iface->mask)); 573 } 574 printf(", %s:%s", 575 (iface->ignore_packets) 576 ? "Disabled" 577 : "Enabled", 578 sfx); 579 if (debug > 4) /* in-depth debugging only */ 580 interface_dump(iface); 581 } 582 #endif 583 584 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) 585 /* 586 * create an asyncio_reader structure 587 */ 588 static struct asyncio_reader * 589 new_asyncio_reader(void) 590 { 591 struct asyncio_reader *reader; 592 593 reader = emalloc_zero(sizeof(*reader)); 594 reader->fd = INVALID_SOCKET; 595 596 return reader; 597 } 598 599 /* 600 * delete a reader 601 */ 602 static void 603 delete_asyncio_reader( 604 struct asyncio_reader *reader 605 ) 606 { 607 free(reader); 608 } 609 610 /* 611 * add asynchio_reader 612 */ 613 static void 614 add_asyncio_reader( 615 struct asyncio_reader * reader, 616 enum desc_type type) 617 { 618 LINK_SLIST(asyncio_reader_list, reader, link); 619 add_fd_to_list(reader->fd, type); 620 } 621 622 /* 623 * remove asyncio_reader 624 */ 625 static void 626 remove_asyncio_reader( 627 struct asyncio_reader *reader 628 ) 629 { 630 struct asyncio_reader *unlinked; 631 632 UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link, 633 struct asyncio_reader); 634 635 if (reader->fd != INVALID_SOCKET) { 636 close_and_delete_fd_from_list(reader->fd, NULL); 637 } 638 reader->fd = INVALID_SOCKET; 639 } 640 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ 641 642 643 /* compare two sockaddr prefixes */ 644 static int 645 addr_eqprefix( 646 const sockaddr_u * a, 647 const sockaddr_u * b, 648 int prefixlen 649 ) 650 { 651 isc_netaddr_t isc_a; 652 isc_netaddr_t isc_b; 653 isc_sockaddr_t isc_sa; 654 655 ZERO(isc_sa); 656 memcpy(&isc_sa.type, a, min(sizeof(isc_sa.type), sizeof(*a))); 657 isc_netaddr_fromsockaddr(&isc_a, &isc_sa); 658 659 ZERO(isc_sa); 660 memcpy(&isc_sa.type, b, min(sizeof(isc_sa.type), sizeof(*b))); 661 isc_netaddr_fromsockaddr(&isc_b, &isc_sa); 662 663 return (int)isc_netaddr_eqprefix(&isc_a, &isc_b, 664 (u_int)prefixlen); 665 } 666 667 668 static int 669 addr_samesubnet( 670 const sockaddr_u * a, 671 const sockaddr_u * a_mask, 672 const sockaddr_u * b, 673 const sockaddr_u * b_mask 674 ) 675 { 676 const u_int32 * pa; 677 const u_int32 * pa_limit; 678 const u_int32 * pb; 679 const u_int32 * pm; 680 size_t loops; 681 682 REQUIRE(AF(a) == AF(a_mask)); 683 REQUIRE(AF(b) == AF(b_mask)); 684 /* 685 * With address and mask families verified to match, comparing 686 * the masks also validates the address's families match. 687 */ 688 if (!SOCK_EQ(a_mask, b_mask)) 689 return FALSE; 690 691 if (IS_IPV6(a)) { 692 loops = sizeof(NSRCADR6(a)) / sizeof(*pa); 693 pa = (const void *)&NSRCADR6(a); 694 pb = (const void *)&NSRCADR6(b); 695 pm = (const void *)&NSRCADR6(a_mask); 696 } else { 697 loops = sizeof(NSRCADR(a)) / sizeof(*pa); 698 pa = (const void *)&NSRCADR(a); 699 pb = (const void *)&NSRCADR(b); 700 pm = (const void *)&NSRCADR(a_mask); 701 } 702 for (pa_limit = pa + loops; pa < pa_limit; pa++, pb++, pm++) 703 if ((*pa & *pm) != (*pb & *pm)) 704 return FALSE; 705 706 return TRUE; 707 } 708 709 710 /* 711 * interface list enumerator - visitor pattern 712 */ 713 void 714 interface_enumerate( 715 interface_receiver_t receiver, 716 void * data 717 ) 718 { 719 interface_info_t ifi; 720 721 ifi.action = IFS_EXISTS; 722 for (ifi.ep = ep_list; ifi.ep != NULL; ifi.ep = ifi.ep->elink) 723 (*receiver)(data, &ifi); 724 } 725 726 /* 727 * do standard initialization of interface structure 728 */ 729 static inline void 730 init_interface( 731 endpt *ep 732 ) 733 { 734 ZERO(*ep); 735 ep->fd = INVALID_SOCKET; 736 ep->bfd = INVALID_SOCKET; 737 ep->phase = sys_interphase; 738 } 739 740 741 /* 742 * create new interface structure initialize from 743 * template structure or via standard initialization 744 * function 745 */ 746 static endpt * 747 new_interface( 748 endpt *protot 749 ) 750 { 751 endpt * iface; 752 753 iface = emalloc(sizeof(*iface)); 754 if (NULL == protot) { 755 ZERO(*iface); 756 } else { 757 memcpy(iface, protot, sizeof(*iface)); 758 } 759 /* count every new instance of an interface in the system */ 760 iface->ifnum = sys_ifnum++; 761 iface->starttime = current_time; 762 763 # ifdef HAVE_IO_COMPLETION_PORT 764 if (!io_completion_port_add_interface(iface)) { 765 msyslog(LOG_EMERG, "cannot register interface with IO engine -- will exit now"); 766 exit(1); 767 } 768 # endif 769 return iface; 770 } 771 772 773 /* 774 * return interface storage into free memory pool 775 */ 776 static void 777 delete_interface( 778 endpt *ep 779 ) 780 { 781 # ifdef HAVE_IO_COMPLETION_PORT 782 io_completion_port_remove_interface(ep); 783 # endif 784 free(ep); 785 } 786 787 788 /* 789 * link interface into list of known interfaces 790 */ 791 static void 792 add_interface( 793 endpt * ep 794 ) 795 { 796 endpt ** pmclisthead; 797 endpt * scan; 798 endpt * scan_next; 799 int same_subnet; 800 int rc; 801 802 /* Calculate the refid */ 803 ep->addr_refid = addr2refid(&ep->sin); 804 # ifdef WORDS_BIGENDIAN 805 if (IS_IPV6(&ep->sin)) { 806 ep->old_refid = BYTESWAP32(ep->addr_refid); 807 } 808 # endif 809 /* link at tail so ntpdc -c ifstats index increases each row */ 810 LINK_TAIL_SLIST(ep_list, ep, elink, endpt); 811 ninterfaces++; 812 #ifdef MCAST 813 /* the rest is for enabled multicast-capable addresses only */ 814 if (ep->ignore_packets || !(INT_MULTICAST & ep->flags) || 815 INT_LOOPBACK & ep->flags) 816 return; 817 # ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 818 if (AF_INET6 == ep->family) 819 return; 820 # endif 821 pmclisthead = (AF_INET == ep->family) 822 ? &mc4_list 823 : &mc6_list; 824 825 /* 826 * If we have multiple global addresses from the same prefix 827 * on the same network interface, multicast from one. 828 */ 829 for (scan = *pmclisthead; scan != NULL; scan = scan_next) { 830 scan_next = scan->mclink; 831 if ( ep->family != scan->family 832 || ep->ifindex != scan->ifindex) { 833 continue; 834 } 835 same_subnet = addr_samesubnet(&ep->sin, &ep->mask, 836 &scan->sin, &scan->mask); 837 if (same_subnet) { 838 DPRINTF(4, ("did not add %s to multicast-capable list" 839 "which already has %s\n", 840 stoa(&ep->sin), stoa(&scan->sin))); 841 return; 842 } 843 } 844 LINK_SLIST(*pmclisthead, ep, mclink); 845 if (INVALID_SOCKET == ep->fd) 846 return; 847 848 /* 849 * select the local address from which to send to multicast. 850 */ 851 switch (AF(&ep->sin)) { 852 853 case AF_INET : 854 rc = setsockopt(ep->fd, IPPROTO_IP, 855 IP_MULTICAST_IF, 856 (void *)&NSRCADR(&ep->sin), 857 sizeof(NSRCADR(&ep->sin))); 858 if (rc) 859 msyslog(LOG_ERR, 860 "setsockopt IP_MULTICAST_IF %s fails: %m", 861 stoa(&ep->sin)); 862 break; 863 864 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 865 case AF_INET6 : 866 rc = setsockopt(ep->fd, IPPROTO_IPV6, 867 IPV6_MULTICAST_IF, 868 (void *)&ep->ifindex, 869 sizeof(ep->ifindex)); 870 /* do not complain if bound addr scope is ifindex */ 871 if (rc && ep->ifindex != SCOPE(&ep->sin)) 872 msyslog(LOG_ERR, 873 "setsockopt IPV6_MULTICAST_IF %u for %s fails: %m", 874 ep->ifindex, stoa(&ep->sin)); 875 break; 876 # endif 877 } 878 #endif /* MCAST */ 879 } 880 881 882 /* 883 * remove interface from known interface list and clean up 884 * associated resources 885 */ 886 static void 887 remove_interface( 888 endpt * ep 889 ) 890 { 891 endpt * unlinked; 892 endpt ** pmclisthead; 893 sockaddr_u resmask; 894 int/*BOOL*/ success; 895 896 UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt); 897 if (!ep->ignore_packets && INT_MULTICAST & ep->flags) { 898 pmclisthead = (AF_INET == ep->family) 899 ? &mc4_list 900 : &mc6_list; 901 UNLINK_SLIST(unlinked, *pmclisthead, ep, mclink, endpt); 902 DPRINTF(4, ("%s %s IPv%s multicast-capable unicast local address list\n", 903 stoa(&ep->sin), 904 (unlinked != NULL) 905 ? "removed from" 906 : "not found on", 907 (AF_INET == ep->family) 908 ? "4" 909 : "6")); 910 } 911 delete_interface_from_list(ep); 912 913 if (ep->fd != INVALID_SOCKET) { 914 msyslog(LOG_INFO, 915 "Deleting %d %s, [%s]:%hd, stats:" 916 " received=%ld, sent=%ld, dropped=%ld," 917 " active_time=%ld secs", 918 ep->ifnum, 919 ep->name, 920 stoa(&ep->sin), 921 SRCPORT(&ep->sin), 922 ep->received, 923 ep->sent, 924 ep->notsent, 925 current_time - ep->starttime); 926 close_and_delete_fd_from_list(ep->fd, ep); 927 ep->fd = INVALID_SOCKET; 928 } 929 930 if (ep->bfd != INVALID_SOCKET) { 931 msyslog(LOG_INFO, 932 "stop listening for broadcasts to %s on interface #%d %s", 933 stoa(&ep->bcast), ep->ifnum, ep->name); 934 close_and_delete_fd_from_list(ep->bfd, ep); 935 ep->bfd = INVALID_SOCKET; 936 } 937 # ifdef HAVE_IO_COMPLETION_PORT 938 io_completion_port_remove_interface(ep); 939 # endif 940 941 ninterfaces--; 942 mon_clearinterface(ep); 943 944 /* remove restrict interface entry */ 945 SET_HOSTMASK(&resmask, AF(&ep->sin)); 946 success = hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, 0, 947 RESM_NTPONLY | RESM_INTERFACE, 0, 0); 948 if (!success) { 949 msyslog(LOG_ERR, 950 "unable to remove self-restriction for %s", 951 stoa(&ep->sin)); 952 } 953 954 } 955 956 957 static void 958 log_listen_address( 959 endpt * ep 960 ) 961 { 962 msyslog(LOG_INFO, "%s on %d %s %s", 963 (ep->ignore_packets) 964 ? "Listen and drop" 965 : "Listen normally", 966 ep->ifnum, 967 ep->name, 968 sptoa(&ep->sin)); 969 } 970 971 972 static void 973 create_wildcards( 974 u_short port 975 ) 976 { 977 int v4wild; 978 #ifdef INCLUDE_IPV6_SUPPORT 979 int v6wild; 980 #endif 981 sockaddr_u wildaddr; 982 nic_rule_action action; 983 endpt * wildif; 984 985 /* 986 * silence "potentially uninitialized" warnings from VC9 987 * failing to follow the logic. Ideally action could remain 988 * uninitialized, and the memset be the first statement under 989 * the first if (v4wild). 990 */ 991 action = ACTION_LISTEN; 992 ZERO(wildaddr); 993 994 #ifdef INCLUDE_IPV6_SUPPORT 995 /* 996 * create pseudo-interface with wildcard IPv6 address 997 */ 998 v6wild = ipv6_works; 999 if (v6wild) { 1000 /* set wildaddr to the v6 wildcard address :: */ 1001 ZERO(wildaddr); 1002 AF(&wildaddr) = AF_INET6; 1003 SET_ADDR6N(&wildaddr, in6addr_any); 1004 SET_PORT(&wildaddr, port); 1005 SET_SCOPE(&wildaddr, 0); 1006 1007 /* check for interface/nic rules affecting the wildcard */ 1008 action = interface_action(NULL, &wildaddr, 0); 1009 v6wild = (ACTION_IGNORE != action); 1010 } 1011 if (v6wild) { 1012 wildif = new_interface(NULL); 1013 1014 strlcpy(wildif->name, "v6wildcard", sizeof(wildif->name)); 1015 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1016 wildif->family = AF_INET6; 1017 AF(&wildif->mask) = AF_INET6; 1018 SET_ONESMASK(&wildif->mask); 1019 1020 wildif->flags = INT_UP | INT_WILDCARD; 1021 wildif->ignore_packets = (ACTION_DROP == action); 1022 1023 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1024 1025 if (wildif->fd != INVALID_SOCKET) { 1026 wildipv6 = wildif; 1027 any6_interface = wildif; 1028 add_addr_to_list(&wildif->sin, wildif); 1029 add_interface(wildif); 1030 log_listen_address(wildif); 1031 } else { 1032 msyslog(LOG_ERR, 1033 "unable to bind to wildcard address %s - another process may be running - EXITING", 1034 stoa(&wildif->sin)); 1035 exit(1); 1036 } 1037 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1038 } 1039 #endif 1040 1041 /* 1042 * create pseudo-interface with wildcard IPv4 address 1043 */ 1044 v4wild = ipv4_works; 1045 if (v4wild) { 1046 /* set wildaddr to the v4 wildcard address 0.0.0.0 */ 1047 AF(&wildaddr) = AF_INET; 1048 SET_ADDR4N(&wildaddr, INADDR_ANY); 1049 SET_PORT(&wildaddr, port); 1050 1051 /* check for interface/nic rules affecting the wildcard */ 1052 action = interface_action(NULL, &wildaddr, 0); 1053 v4wild = (ACTION_IGNORE != action); 1054 } 1055 if (v4wild) { 1056 wildif = new_interface(NULL); 1057 1058 strlcpy(wildif->name, "v4wildcard", sizeof(wildif->name)); 1059 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin)); 1060 wildif->family = AF_INET; 1061 AF(&wildif->mask) = AF_INET; 1062 SET_ONESMASK(&wildif->mask); 1063 1064 wildif->flags = INT_BROADCAST | INT_UP | INT_WILDCARD; 1065 wildif->ignore_packets = (ACTION_DROP == action); 1066 #if defined(MCAST) 1067 /* 1068 * enable multicast reception on the broadcast socket 1069 */ 1070 AF(&wildif->bcast) = AF_INET; 1071 SET_ADDR4N(&wildif->bcast, INADDR_ANY); 1072 SET_PORT(&wildif->bcast, port); 1073 #endif /* MCAST */ 1074 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif); 1075 1076 if (wildif->fd != INVALID_SOCKET) { 1077 wildipv4 = wildif; 1078 any_interface = wildif; 1079 1080 add_addr_to_list(&wildif->sin, wildif); 1081 add_interface(wildif); 1082 log_listen_address(wildif); 1083 } else { 1084 msyslog(LOG_ERR, 1085 "unable to bind to wildcard address %s - another process may be running - EXITING", 1086 stoa(&wildif->sin)); 1087 exit(1); 1088 } 1089 DPRINT_INTERFACE(2, (wildif, "created ", "\n")); 1090 } 1091 } 1092 1093 1094 /* 1095 * add_nic_rule() -- insert a rule entry at the head of nic_rule_list. 1096 */ 1097 void 1098 add_nic_rule( 1099 nic_rule_match match_type, 1100 const char * if_name, /* interface name or numeric address */ 1101 int prefixlen, 1102 nic_rule_action action 1103 ) 1104 { 1105 nic_rule * rule; 1106 isc_boolean_t is_ip; 1107 1108 rule = emalloc_zero(sizeof(*rule)); 1109 rule->match_type = match_type; 1110 rule->prefixlen = prefixlen; 1111 rule->action = action; 1112 1113 if (MATCH_IFNAME == match_type) { 1114 REQUIRE(NULL != if_name); 1115 rule->if_name = estrdup(if_name); 1116 } else if (MATCH_IFADDR == match_type) { 1117 REQUIRE(NULL != if_name); 1118 /* set rule->addr */ 1119 is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr); 1120 REQUIRE(is_ip); 1121 } else 1122 REQUIRE(NULL == if_name); 1123 1124 LINK_SLIST(nic_rule_list, rule, next); 1125 } 1126 1127 1128 #ifdef DEBUG 1129 static const char * 1130 action_text( 1131 nic_rule_action action 1132 ) 1133 { 1134 const char *t; 1135 1136 switch (action) { 1137 1138 default: 1139 t = "ERROR"; /* quiet uninit warning */ 1140 DPRINTF(1, ("fatal: unknown nic_rule_action %d\n", 1141 action)); 1142 ENSURE(0); 1143 break; 1144 1145 case ACTION_LISTEN: 1146 t = "listen"; 1147 break; 1148 1149 case ACTION_IGNORE: 1150 t = "ignore"; 1151 break; 1152 1153 case ACTION_DROP: 1154 t = "drop"; 1155 break; 1156 } 1157 1158 return t; 1159 } 1160 #endif /* DEBUG */ 1161 1162 1163 static nic_rule_action 1164 interface_action( 1165 char * if_name, 1166 sockaddr_u * if_addr, 1167 u_int32 if_flags 1168 ) 1169 { 1170 nic_rule * rule; 1171 int isloopback; 1172 int iswildcard; 1173 1174 DPRINTF(4, ("interface_action: interface %s ", 1175 (if_name != NULL) ? if_name : "wildcard")); 1176 1177 iswildcard = is_wildcard_addr(if_addr); 1178 isloopback = !!(INT_LOOPBACK & if_flags); 1179 1180 /* 1181 * Find any matching NIC rule from --interface / -I or ntp.conf 1182 * interface/nic rules. 1183 */ 1184 for (rule = nic_rule_list; rule != NULL; rule = rule->next) { 1185 1186 switch (rule->match_type) { 1187 1188 case MATCH_ALL: 1189 /* loopback and wildcard excluded from "all" */ 1190 if (isloopback || iswildcard) 1191 break; 1192 DPRINTF(4, ("nic all %s\n", 1193 action_text(rule->action))); 1194 return rule->action; 1195 1196 case MATCH_IPV4: 1197 if (IS_IPV4(if_addr)) { 1198 DPRINTF(4, ("nic ipv4 %s\n", 1199 action_text(rule->action))); 1200 return rule->action; 1201 } 1202 break; 1203 1204 case MATCH_IPV6: 1205 if (IS_IPV6(if_addr)) { 1206 DPRINTF(4, ("nic ipv6 %s\n", 1207 action_text(rule->action))); 1208 return rule->action; 1209 } 1210 break; 1211 1212 case MATCH_WILDCARD: 1213 if (iswildcard) { 1214 DPRINTF(4, ("nic wildcard %s\n", 1215 action_text(rule->action))); 1216 return rule->action; 1217 } 1218 break; 1219 1220 case MATCH_IFADDR: 1221 if (rule->prefixlen != -1) { 1222 if (addr_eqprefix(if_addr, &rule->addr, 1223 rule->prefixlen)) { 1224 1225 DPRINTF(4, ("subnet address match - %s\n", 1226 action_text(rule->action))); 1227 return rule->action; 1228 } 1229 } else 1230 if (SOCK_EQ(if_addr, &rule->addr)) { 1231 1232 DPRINTF(4, ("address match - %s\n", 1233 action_text(rule->action))); 1234 return rule->action; 1235 } 1236 break; 1237 1238 case MATCH_IFNAME: 1239 if (if_name != NULL 1240 #if defined(HAVE_FNMATCH) && defined(FNM_CASEFOLD) 1241 && !fnmatch(rule->if_name, if_name, FNM_CASEFOLD) 1242 #else 1243 && !strcasecmp(if_name, rule->if_name) 1244 #endif 1245 ) { 1246 1247 DPRINTF(4, ("interface name match - %s\n", 1248 action_text(rule->action))); 1249 return rule->action; 1250 } 1251 break; 1252 } 1253 } 1254 1255 /* 1256 * Unless explicitly disabled such as with "nic ignore ::1" 1257 * listen on loopback addresses. Since ntpq and ntpdc query 1258 * "localhost" by default, which typically resolves to ::1 and 1259 * 127.0.0.1, it's useful to default to listening on both. 1260 */ 1261 if (isloopback) { 1262 DPRINTF(4, ("default loopback listen\n")); 1263 return ACTION_LISTEN; 1264 } 1265 1266 /* 1267 * Treat wildcard addresses specially. If there is no explicit 1268 * "nic ... wildcard" or "nic ... 0.0.0.0" or "nic ... ::" rule 1269 * default to drop. 1270 */ 1271 if (iswildcard) { 1272 DPRINTF(4, ("default wildcard drop\n")); 1273 return ACTION_DROP; 1274 } 1275 1276 /* 1277 * Check for "virtual IP" (colon in the interface name) after 1278 * the rules so that "ntpd --interface eth0:1 -novirtualips" 1279 * does indeed listen on eth0:1's addresses. 1280 */ 1281 if (!listen_to_virtual_ips && if_name != NULL 1282 && (strchr(if_name, ':') != NULL)) { 1283 1284 DPRINTF(4, ("virtual ip - ignore\n")); 1285 return ACTION_IGNORE; 1286 } 1287 1288 /* 1289 * If there are no --interface/-I command-line options and no 1290 * interface/nic rules in ntp.conf, the default action is to 1291 * listen. In the presence of rules from either, the default 1292 * is to ignore. This implements ntpd's traditional listen- 1293 * every default with no interface listen configuration, and 1294 * ensures a single -I eth0 or "nic listen eth0" means do not 1295 * listen on any other addresses. 1296 */ 1297 if (NULL == nic_rule_list) { 1298 DPRINTF(4, ("default listen\n")); 1299 return ACTION_LISTEN; 1300 } 1301 1302 DPRINTF(4, ("implicit ignore\n")); 1303 return ACTION_IGNORE; 1304 } 1305 1306 1307 static void 1308 convert_isc_if( 1309 isc_interface_t *isc_if, 1310 endpt *itf, 1311 u_short port 1312 ) 1313 { 1314 strlcpy(itf->name, isc_if->name, sizeof(itf->name)); 1315 itf->ifindex = isc_if->ifindex; 1316 itf->family = (u_short)isc_if->af; 1317 AF(&itf->sin) = itf->family; 1318 AF(&itf->mask) = itf->family; 1319 AF(&itf->bcast) = itf->family; 1320 SET_PORT(&itf->sin, port); 1321 SET_PORT(&itf->mask, port); 1322 SET_PORT(&itf->bcast, port); 1323 1324 if (IS_IPV4(&itf->sin)) { 1325 NSRCADR(&itf->sin) = isc_if->address.type.in.s_addr; 1326 NSRCADR(&itf->mask) = isc_if->netmask.type.in.s_addr; 1327 1328 if (isc_if->flags & INTERFACE_F_BROADCAST) { 1329 itf->flags |= INT_BROADCAST; 1330 NSRCADR(&itf->bcast) = 1331 isc_if->broadcast.type.in.s_addr; 1332 } 1333 } 1334 #ifdef INCLUDE_IPV6_SUPPORT 1335 else if (IS_IPV6(&itf->sin)) { 1336 SET_ADDR6N(&itf->sin, isc_if->address.type.in6); 1337 SET_ADDR6N(&itf->mask, isc_if->netmask.type.in6); 1338 1339 SET_SCOPE(&itf->sin, isc_if->address.zone); 1340 } 1341 #endif /* INCLUDE_IPV6_SUPPORT */ 1342 1343 1344 /* Process the rest of the flags */ 1345 1346 itf->flags |= 1347 ((INTERFACE_F_UP & isc_if->flags) 1348 ? INT_UP : 0) 1349 | ((INTERFACE_F_LOOPBACK & isc_if->flags) 1350 ? INT_LOOPBACK : 0) 1351 | ((INTERFACE_F_POINTTOPOINT & isc_if->flags) 1352 ? INT_PPP : 0) 1353 | ((INTERFACE_F_MULTICAST & isc_if->flags) 1354 ? INT_MULTICAST : 0) 1355 | ((INTERFACE_F_PRIVACY & isc_if->flags) 1356 ? INT_PRIVACY : 0) 1357 ; 1358 1359 /* 1360 * Clear the loopback flag if the address is not localhost. 1361 * http://bugs.ntp.org/1683 1362 */ 1363 if ((INT_LOOPBACK & itf->flags) && !IS_LOOPBACK_ADDR(&itf->sin)) { 1364 itf->flags &= ~INT_LOOPBACK; 1365 } 1366 } 1367 1368 1369 /* 1370 * refresh_interface 1371 * 1372 * some OSes have been observed to keep 1373 * cached routes even when more specific routes 1374 * become available. 1375 * this can be mitigated by re-binding 1376 * the socket. 1377 */ 1378 static int 1379 refresh_interface( 1380 endpt * iface 1381 ) 1382 { 1383 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 1384 if (iface->fd != INVALID_SOCKET) { 1385 int bcast = (iface->flags & INT_BCASTXMIT) != 0; 1386 /* as we forcibly close() the socket remove the 1387 broadcast permission indication */ 1388 if (bcast) 1389 socket_broadcast_disable(iface, &iface->sin); 1390 1391 close_and_delete_fd_from_list(iface->fd); 1392 1393 /* create new socket picking up a new first hop binding 1394 at connect() time */ 1395 iface->fd = open_socket(&iface->sin, 1396 bcast, 0, iface); 1397 /* 1398 * reset TTL indication so TTL is is set again 1399 * next time around 1400 */ 1401 iface->last_ttl = 0; 1402 return (iface->fd != INVALID_SOCKET); 1403 } else 1404 return 0; /* invalid sockets are not refreshable */ 1405 #else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1406 return (iface->fd != INVALID_SOCKET); 1407 #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 1408 } 1409 1410 /* 1411 * interface_update - externally callable update function 1412 */ 1413 void 1414 interface_update( 1415 interface_receiver_t receiver, 1416 void * data 1417 ) 1418 { 1419 int new_interface_found; 1420 1421 if (scan_addrs_once) { 1422 return; 1423 } 1424 BLOCKIO(); 1425 new_interface_found = update_interfaces(NTP_PORT, receiver, data); 1426 UNBLOCKIO(); 1427 1428 if (!new_interface_found) { 1429 return; 1430 } 1431 #ifdef DEBUG 1432 msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver"); 1433 #endif 1434 interrupt_worker_sleep(); 1435 } 1436 1437 1438 /* 1439 * sau_from_netaddr() - convert network address on-wire formats. 1440 * Convert from libisc's isc_netaddr_t to NTP's sockaddr_u 1441 */ 1442 void 1443 sau_from_netaddr( 1444 sockaddr_u *psau, 1445 const isc_netaddr_t *pna 1446 ) 1447 { 1448 ZERO_SOCK(psau); 1449 AF(psau) = (u_short)pna->family; 1450 switch (pna->family) { 1451 1452 case AF_INET: 1453 psau->sa4.sin_addr = pna->type.in; 1454 break; 1455 1456 case AF_INET6: 1457 psau->sa6.sin6_addr = pna->type.in6; 1458 break; 1459 } 1460 } 1461 1462 1463 static int 1464 is_wildcard_addr( 1465 const sockaddr_u *psau 1466 ) 1467 { 1468 if (IS_IPV4(psau) && !NSRCADR(psau)) 1469 return 1; 1470 1471 #ifdef INCLUDE_IPV6_SUPPORT 1472 if (IS_IPV6(psau) && S_ADDR6_EQ(psau, &in6addr_any)) 1473 return 1; 1474 #endif 1475 1476 return 0; 1477 } 1478 1479 1480 isc_boolean_t 1481 is_linklocal( 1482 sockaddr_u * psau 1483 ) 1484 { 1485 struct in6_addr * p6addr; 1486 1487 if (IS_IPV6(psau)) { 1488 p6addr = &psau->sa6.sin6_addr; 1489 if (IN6_IS_ADDR_LINKLOCAL(p6addr)) { 1490 return TRUE; 1491 } 1492 } else if (IS_IPV4(psau)) { 1493 /* autoconf are link-local 169.254.0.0/16 */ 1494 if (IS_AUTOCONF(psau)) { 1495 return TRUE; 1496 } 1497 } 1498 return FALSE; 1499 } 1500 1501 1502 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 1503 /* 1504 * enable/disable re-use of wildcard address socket 1505 */ 1506 static void 1507 set_wildcard_reuse( 1508 u_short family, 1509 int on 1510 ) 1511 { 1512 endpt *any; 1513 SOCKET fd = INVALID_SOCKET; 1514 1515 any = ANY_INTERFACE_BYFAM(family); 1516 if (any != NULL) 1517 fd = any->fd; 1518 1519 if (fd != INVALID_SOCKET) { 1520 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 1521 (void *)&on, sizeof(on))) 1522 msyslog(LOG_ERR, 1523 "set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m", 1524 on ? "on" : "off"); 1525 1526 DPRINTF(4, ("set SO_REUSEADDR to %s on %s\n", 1527 on ? "on" : "off", 1528 stoa(&any->sin))); 1529 } 1530 } 1531 #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ 1532 1533 static isc_boolean_t 1534 check_flags( 1535 sockaddr_u *psau, 1536 const char *name, 1537 u_int32 flags 1538 ) 1539 { 1540 #if defined(SIOCGIFAFLAG_IN) 1541 struct ifreq ifr; 1542 int fd; 1543 1544 if (psau->sa.sa_family != AF_INET) 1545 return ISC_FALSE; 1546 if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) 1547 return ISC_FALSE; 1548 ZERO(ifr); 1549 memcpy(&ifr.ifr_addr, &psau->sa, sizeof(ifr.ifr_addr)); 1550 strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); 1551 if (ioctl(fd, SIOCGIFAFLAG_IN, &ifr) < 0) { 1552 close(fd); 1553 return ISC_FALSE; 1554 } 1555 close(fd); 1556 if ((ifr.ifr_addrflags & flags) != 0) 1557 return ISC_TRUE; 1558 #endif /* SIOCGIFAFLAG_IN */ 1559 return ISC_FALSE; 1560 } 1561 1562 static isc_boolean_t 1563 check_flags6( 1564 sockaddr_u *psau, 1565 const char *name, 1566 u_int32 flags6 1567 ) 1568 { 1569 #if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6) 1570 struct in6_ifreq ifr6; 1571 int fd; 1572 1573 if (psau->sa.sa_family != AF_INET6) 1574 return ISC_FALSE; 1575 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) 1576 return ISC_FALSE; 1577 ZERO(ifr6); 1578 memcpy(&ifr6.ifr_addr, &psau->sa6, sizeof(ifr6.ifr_addr)); 1579 strlcpy(ifr6.ifr_name, name, sizeof(ifr6.ifr_name)); 1580 if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) { 1581 close(fd); 1582 return ISC_FALSE; 1583 } 1584 close(fd); 1585 if ((ifr6.ifr_ifru.ifru_flags6 & flags6) != 0) 1586 return ISC_TRUE; 1587 #endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 */ 1588 return ISC_FALSE; 1589 } 1590 1591 static isc_boolean_t 1592 is_anycast( 1593 sockaddr_u *psau, 1594 const char *name 1595 ) 1596 { 1597 #ifdef IN6_IFF_ANYCAST 1598 return check_flags6(psau, name, IN6_IFF_ANYCAST); 1599 #else 1600 return ISC_FALSE; 1601 #endif 1602 } 1603 1604 static isc_boolean_t 1605 is_valid( 1606 sockaddr_u *psau, 1607 const char *name 1608 ) 1609 { 1610 u_int32 flags; 1611 1612 flags = 0; 1613 switch (psau->sa.sa_family) { 1614 case AF_INET: 1615 #ifdef IN_IFF_DETACHED 1616 flags |= IN_IFF_DETACHED; 1617 #endif 1618 #ifdef IN_IFF_TENTATIVE 1619 flags |= IN_IFF_TENTATIVE; 1620 #endif 1621 return check_flags(psau, name, flags) ? ISC_FALSE : ISC_TRUE; 1622 case AF_INET6: 1623 #ifdef IN6_IFF_DEPARTED 1624 flags |= IN6_IFF_DEPARTED; 1625 #endif 1626 #ifdef IN6_IFF_DETACHED 1627 flags |= IN6_IFF_DETACHED; 1628 #endif 1629 #ifdef IN6_IFF_TENTATIVE 1630 flags |= IN6_IFF_TENTATIVE; 1631 #endif 1632 return check_flags6(psau, name, flags) ? ISC_FALSE : ISC_TRUE; 1633 default: 1634 return ISC_FALSE; 1635 } 1636 } 1637 1638 /* 1639 * update_interface strategy 1640 * 1641 * toggle configuration phase 1642 * 1643 * Phase 1a: 1644 * forall currently existing interfaces 1645 * if address is known: 1646 * drop socket - rebind again 1647 * 1648 * if address is NOT known: 1649 * Add address to list of new addresses 1650 * 1651 * Phase 1b: 1652 * Scan the list of new addresses marking IPv6 link-local addresses 1653 * which also have a global v6 address using the same OS ifindex. 1654 * Attempt to create a new interface entry 1655 * 1656 * Phase 2: 1657 * forall currently known non MCAST and WILDCARD interfaces 1658 * if interface does not match configuration phase (not seen in phase 1): 1659 * remove interface from known interface list 1660 * forall peers associated with this interface 1661 * disconnect peer from this interface 1662 * 1663 * Phase 3: 1664 * attempt to re-assign interfaces to peers 1665 * 1666 */ 1667 1668 static int 1669 update_interfaces( 1670 u_short port, 1671 interface_receiver_t receiver, 1672 void * data 1673 ) 1674 { 1675 isc_mem_t * mctx = (void *)-1; 1676 interface_info_t ifi; 1677 isc_interfaceiter_t * iter; 1678 isc_result_t result; 1679 isc_interface_t isc_if; 1680 int new_interface_found; 1681 unsigned int family; 1682 endpt enumep; 1683 endpt * ep; 1684 endpt * next_ep; 1685 endpt * newaddrs; 1686 endpt * newaddrs_tail; 1687 endpt * ep2; 1688 1689 DPRINTF(3, ("update_interfaces(%d)\n", port)); 1690 1691 /* 1692 * phase 1a - scan OS local addresses 1693 * - update those that ntpd already knows 1694 * - build a list of newly-discovered addresses. 1695 */ 1696 1697 new_interface_found = FALSE; 1698 nonlocal_v4_addr_up = nonlocal_v6_addr_up = FALSE; 1699 iter = NULL; 1700 newaddrs = newaddrs_tail = NULL; 1701 result = isc_interfaceiter_create(mctx, &iter); 1702 1703 if (result != ISC_R_SUCCESS) 1704 return 0; 1705 1706 /* 1707 * Toggle system interface scan phase to find untouched 1708 * interfaces to be deleted. 1709 */ 1710 sys_interphase ^= 0x1; 1711 1712 for (result = isc_interfaceiter_first(iter); 1713 ISC_R_SUCCESS == result; 1714 result = isc_interfaceiter_next(iter)) { 1715 1716 result = isc_interfaceiter_current(iter, &isc_if); 1717 1718 if (result != ISC_R_SUCCESS) { 1719 break; 1720 } 1721 /* See if we have a valid family to use */ 1722 family = isc_if.address.family; 1723 if (AF_INET != family && AF_INET6 != family) 1724 continue; 1725 if (AF_INET == family && !ipv4_works) 1726 continue; 1727 if (AF_INET6 == family && !ipv6_works) 1728 continue; 1729 1730 /* create prototype */ 1731 init_interface(&enumep); 1732 1733 convert_isc_if(&isc_if, &enumep, port); 1734 1735 DPRINT_INTERFACE(4, (&enumep, "examining ", "\n")); 1736 1737 /* 1738 * Check if and how we are going to use the interface. 1739 */ 1740 switch (interface_action(enumep.name, &enumep.sin, 1741 enumep.flags)) { 1742 1743 case ACTION_IGNORE: 1744 DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n", 1745 enumep.name, stoa(&enumep.sin))); 1746 continue; 1747 1748 case ACTION_LISTEN: 1749 DPRINTF(4, ("listen interface %s (%s) - by nic rules\n", 1750 enumep.name, stoa(&enumep.sin))); 1751 enumep.ignore_packets = ISC_FALSE; 1752 break; 1753 1754 case ACTION_DROP: 1755 DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n", 1756 enumep.name, stoa(&enumep.sin))); 1757 enumep.ignore_packets = ISC_TRUE; 1758 break; 1759 } 1760 1761 /* interfaces must be UP to be usable */ 1762 if (!(enumep.flags & INT_UP)) { 1763 DPRINTF(4, ("skipping interface %s (%s) - DOWN\n", 1764 enumep.name, stoa(&enumep.sin))); 1765 continue; 1766 } 1767 1768 /* 1769 * skip any interfaces UP and bound to a wildcard 1770 * address - some dhcp clients produce that in the 1771 * wild 1772 */ 1773 if (is_wildcard_addr(&enumep.sin)) 1774 continue; 1775 1776 if (is_anycast(&enumep.sin, isc_if.name)) 1777 continue; 1778 1779 /* 1780 * skip any address that is an invalid state to be used 1781 */ 1782 if (!is_valid(&enumep.sin, isc_if.name)) 1783 continue; 1784 1785 /* 1786 * Keep track of having non-linklocal connectivity 1787 * for IPv4 and IPv6 so we don't solicit pool hosts 1788 * when it can't work. 1789 */ 1790 if ( !(INT_LOOPBACK & enumep.flags) 1791 && !is_linklocal(&enumep.sin)) { 1792 if (IS_IPV6(&enumep.sin)) { 1793 nonlocal_v6_addr_up = TRUE; 1794 } else { 1795 nonlocal_v4_addr_up = TRUE; 1796 } 1797 } 1798 /* 1799 * map to local *address* in order to map all duplicate 1800 * interfaces to an endpt structure with the appropriate 1801 * socket. Our name space is (ip-address), NOT 1802 * (interface name, ip-address). 1803 */ 1804 ep = getinterface(&enumep.sin, INT_WILDCARD); 1805 1806 if (NULL == ep) { 1807 ep = emalloc(sizeof(*ep)); 1808 memcpy(ep, &enumep, sizeof(*ep)); 1809 if (NULL != newaddrs_tail) { 1810 newaddrs_tail->elink = ep; 1811 newaddrs_tail = ep; 1812 } else { 1813 newaddrs_tail = newaddrs = ep; 1814 } 1815 continue; 1816 } 1817 1818 if (!refresh_interface(ep)) { 1819 /* 1820 * Refreshing failed, we will delete the endpt 1821 * in phase 2 because it was not marked current. 1822 * We can bind to the address as the refresh 1823 * code already closed the endpt's socket. 1824 */ 1825 continue; 1826 } 1827 /* 1828 * found existing and up to date interface - 1829 * mark present. 1830 */ 1831 if (ep->phase != sys_interphase) { 1832 /* 1833 * On a new round we reset the name so 1834 * the interface name shows up again if 1835 * this address is no longer shared. 1836 * We reset ignore_packets from the 1837 * new prototype to respect any runtime 1838 * changes to the nic rules. 1839 */ 1840 strlcpy(ep->name, enumep.name, sizeof(ep->name)); 1841 ep->ignore_packets = enumep.ignore_packets; 1842 } else { 1843 /* 1844 * DLH: else branch might be dead code from 1845 * when both address and name were compared. 1846 */ 1847 msyslog(LOG_INFO, "%s on %u %s -> *multiple*", 1848 stoa(&ep->sin), ep->ifnum, ep->name); 1849 /* name collision - rename interface */ 1850 strlcpy(ep->name, "*multiple*", sizeof(ep->name)); 1851 } 1852 1853 DPRINT_INTERFACE(4, (ep, "updating ", " present\n")); 1854 1855 if (ep->ignore_packets != enumep.ignore_packets) { 1856 /* 1857 * We have conflicting configurations for the 1858 * address. This can happen with 1859 * -I <interfacename> on the command line for an 1860 * interface that shares its address with other 1861 * interfaces. We cannot disambiguate incoming 1862 * packets delivered to this socket without extra 1863 * syscalls/features. Note this is an unusual 1864 * configuration where several interfaces share 1865 * an address but filtering via interface name is 1866 * attempted. We resolve the config conflict by 1867 * disabling the processing of received packets. 1868 * This leads to no service on the address where 1869 * the conflict occurs. 1870 */ 1871 msyslog(LOG_WARNING, 1872 "conflicting listen configuration between" 1873 " %s and %s for %s, disabled", 1874 enumep.name, ep->name, stoa(&enumep.sin)); 1875 1876 ep->ignore_packets = TRUE; 1877 } 1878 1879 ep->phase = sys_interphase; 1880 1881 ifi.action = IFS_EXISTS; 1882 ifi.ep = ep; 1883 if (receiver != NULL) { 1884 (*receiver)(data, &ifi); 1885 } 1886 } 1887 1888 isc_interfaceiter_destroy(&iter); 1889 1890 /* 1891 * Phase 1b 1892 */ 1893 for (ep = newaddrs; ep != NULL; ep = ep->elink) { 1894 if (IS_IPV6(&ep->sin) && is_linklocal(&ep->sin)) { 1895 for (ep2 = newaddrs; ep2 != NULL; ep2 = ep2->elink) { 1896 if ( IS_IPV6(&ep2->sin) 1897 && ep != ep2 1898 && !is_linklocal(&ep2->sin)) { 1899 1900 ep->flags |= INT_LL_OF_GLOB; 1901 break; 1902 } 1903 } 1904 } 1905 } 1906 for (ep2 = newaddrs; ep2 != NULL; ep2 = next_ep) { 1907 next_ep = ep2->elink; 1908 ep2->elink = NULL; 1909 ep = create_interface(port, ep2); 1910 if (ep != NULL) { 1911 ifi.action = IFS_CREATED; 1912 ifi.ep = ep; 1913 if (receiver != NULL) { 1914 (*receiver)(data, &ifi); 1915 } 1916 new_interface_found = TRUE; 1917 DPRINT_INTERFACE(3, 1918 (ep, "updating ", " new - created\n")); 1919 } 1920 else { 1921 DPRINT_INTERFACE(3, 1922 (ep2, "updating ", " new - FAILED")); 1923 1924 msyslog(LOG_ERR, 1925 "cannot bind address %s", 1926 stoa(&ep->sin)); 1927 } 1928 free(ep2); 1929 } 1930 1931 /* 1932 * phase 2 - delete gone interfaces - reassigning peers to 1933 * other interfaces 1934 */ 1935 for (ep = ep_list; ep != NULL; ep = next_ep) { 1936 next_ep = ep->elink; 1937 1938 /* 1939 * if phase does not match sys_phase this interface was 1940 * not enumerated during the last interface scan - so it 1941 * is gone and will be deleted here unless it did not 1942 * originate from interface enumeration (INT_WILDCARD, 1943 * INT_MCASTIF). 1944 */ 1945 if (((INT_WILDCARD | INT_MCASTIF) & ep->flags) || 1946 ep->phase == sys_interphase) 1947 continue; 1948 1949 DPRINT_INTERFACE(3, (ep, "updating ", 1950 "GONE - deleting\n")); 1951 remove_interface(ep); 1952 1953 ifi.action = IFS_DELETED; 1954 ifi.ep = ep; 1955 if (receiver != NULL) { 1956 (*receiver)(data, &ifi); 1957 } 1958 /* disconnect peers from deleted endpt. */ 1959 while (ep->peers != NULL) { 1960 set_peerdstadr(ep->peers, NULL); 1961 } 1962 /* 1963 * update globals in case we lose 1964 * a loopback interface 1965 */ 1966 if (ep == loopback_interface) { 1967 loopback_interface = NULL; 1968 } 1969 delete_interface(ep); 1970 } 1971 1972 /* 1973 * phase 3 - re-configure as the world has possibly changed 1974 * 1975 * never ever make this conditional again - it is needed to track 1976 * routing updates. see bug #2506 1977 */ 1978 refresh_all_peerinterfaces(); 1979 1980 if (sys_bclient) { 1981 io_setbclient(); 1982 } 1983 #ifdef MCAST 1984 /* 1985 * Check multicast interfaces and try to join multicast groups if 1986 * not joined yet. 1987 */ 1988 for (ep = ep_list; ep != NULL; ep = ep->elink) { 1989 remaddr_t *entry; 1990 1991 if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags)) { 1992 continue; 1993 } 1994 /* Find remote address that was linked to this interface */ 1995 for (entry = remoteaddr_list; 1996 entry != NULL; 1997 entry = entry->link) { 1998 if (entry->ep == ep) { 1999 if (socket_multicast_enable(ep, &entry->addr)) { 2000 msyslog(LOG_INFO, 2001 "Joined %s socket to multicast group %s", 2002 stoa(&ep->sin), 2003 stoa(&entry->addr)); 2004 } 2005 break; 2006 } 2007 } 2008 } 2009 #endif /* MCAST */ 2010 2011 return new_interface_found; 2012 } 2013 2014 2015 /* 2016 * create_sockets - create a socket for each interface plus a default 2017 * socket for when we don't know where to send 2018 */ 2019 static int 2020 create_sockets( 2021 u_short port 2022 ) 2023 { 2024 #ifndef HAVE_IO_COMPLETION_PORT 2025 /* 2026 * I/O Completion Ports don't care about the select and FD_SET 2027 */ 2028 maxactivefd = 0; 2029 FD_ZERO(&activefds); 2030 #endif 2031 2032 DPRINTF(2, ("create_sockets(%d)\n", port)); 2033 2034 create_wildcards(port); 2035 2036 update_interfaces(port, NULL, NULL); 2037 2038 /* 2039 * Now that we have opened all the sockets, turn off the reuse 2040 * flag for security. 2041 */ 2042 set_reuseaddr(0); 2043 2044 DPRINTF(2, ("create_sockets: Total interfaces = %d\n", ninterfaces)); 2045 2046 return ninterfaces; 2047 } 2048 2049 /* 2050 * create_interface - create a new interface for a given prototype 2051 * binding the socket. 2052 */ 2053 static endpt * 2054 create_interface( 2055 u_short port, 2056 endpt * protot 2057 ) 2058 { 2059 sockaddr_u resmask; 2060 endpt * iface; 2061 int/*BOOL*/ success; 2062 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2063 remaddr_t * entry; 2064 remaddr_t * next_entry; 2065 #endif 2066 DPRINTF(2, ("create_interface(%s)\n", sptoa(&protot->sin))); 2067 2068 /* build an interface */ 2069 iface = new_interface(protot); 2070 2071 /* 2072 * create socket 2073 */ 2074 iface->fd = open_socket(&iface->sin, 0, 0, iface); 2075 2076 if (iface->fd != INVALID_SOCKET) 2077 log_listen_address(iface); 2078 2079 if ((INT_BROADCAST & iface->flags) 2080 && iface->bfd != INVALID_SOCKET) 2081 msyslog(LOG_INFO, "Listening on broadcast address %s", 2082 sptoa(&iface->bcast)); 2083 2084 if (INVALID_SOCKET == iface->fd 2085 && INVALID_SOCKET == iface->bfd) { 2086 msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s", 2087 iface->name, 2088 iface->ifnum, 2089 sptoa(&iface->sin)); 2090 delete_interface(iface); 2091 return NULL; 2092 } 2093 2094 /* 2095 * Blacklist our own addresses, no use talking to ourself 2096 */ 2097 SET_HOSTMASK(&resmask, AF(&iface->sin)); 2098 success = hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask, 2099 -4, RESM_NTPONLY | RESM_INTERFACE, 2100 RES_IGNORE, 0); 2101 if (!success) { 2102 msyslog(LOG_ERR, 2103 "unable to self-restrict %s", stoa(&iface->sin)); 2104 } 2105 2106 /* 2107 * set globals with the first found 2108 * loopback interface of the appropriate class 2109 */ 2110 if (NULL == loopback_interface && AF_INET == iface->family 2111 && (INT_LOOPBACK & iface->flags)) 2112 loopback_interface = iface; 2113 2114 /* 2115 * put into our interface list 2116 */ 2117 add_addr_to_list(&iface->sin, iface); 2118 add_interface(iface); 2119 2120 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) 2121 /* 2122 * Join any previously-configured compatible multicast groups. 2123 */ 2124 if (INT_MULTICAST & iface->flags && 2125 !((INT_LOOPBACK | INT_WILDCARD) & iface->flags) && 2126 !iface->ignore_packets) { 2127 for (entry = remoteaddr_list; 2128 entry != NULL; 2129 entry = next_entry) { 2130 next_entry = entry->link; 2131 if (AF(&iface->sin) != AF(&entry->addr) || 2132 !IS_MCAST(&entry->addr)) 2133 continue; 2134 if (socket_multicast_enable(iface, 2135 &entry->addr)) 2136 msyslog(LOG_INFO, 2137 "Joined %s socket to multicast group %s", 2138 stoa(&iface->sin), 2139 stoa(&entry->addr)); 2140 else 2141 msyslog(LOG_ERR, 2142 "Failed to join %s socket to multicast group %s", 2143 stoa(&iface->sin), 2144 stoa(&entry->addr)); 2145 } 2146 } 2147 #endif /* MCAST && MCAST_NONEWSOCKET */ 2148 2149 DPRINT_INTERFACE(2, (iface, "created ", "\n")); 2150 return iface; 2151 } 2152 2153 2154 #ifdef DEBUG 2155 const char * 2156 iflags_str( 2157 u_int32 iflags 2158 ) 2159 { 2160 const size_t sz = LIB_BUFLENGTH; 2161 char * ifs; 2162 2163 LIB_GETBUF(ifs); 2164 ifs[0] = '\0'; 2165 2166 if (iflags & INT_UP) { 2167 CLEAR_BIT_IF_DEBUG(INT_UP, iflags); 2168 append_flagstr(ifs, sz, "up"); 2169 } 2170 2171 if (iflags & INT_PPP) { 2172 CLEAR_BIT_IF_DEBUG(INT_PPP, iflags); 2173 append_flagstr(ifs, sz, "ppp"); 2174 } 2175 2176 if (iflags & INT_LOOPBACK) { 2177 CLEAR_BIT_IF_DEBUG(INT_LOOPBACK, iflags); 2178 append_flagstr(ifs, sz, "loopback"); 2179 } 2180 2181 if (iflags & INT_BROADCAST) { 2182 CLEAR_BIT_IF_DEBUG(INT_BROADCAST, iflags); 2183 append_flagstr(ifs, sz, "broadcast"); 2184 } 2185 2186 if (iflags & INT_MULTICAST) { 2187 CLEAR_BIT_IF_DEBUG(INT_MULTICAST, iflags); 2188 append_flagstr(ifs, sz, "multicast"); 2189 } 2190 2191 if (iflags & INT_BCASTOPEN) { 2192 CLEAR_BIT_IF_DEBUG(INT_BCASTOPEN, iflags); 2193 append_flagstr(ifs, sz, "bcastopen"); 2194 } 2195 2196 if (iflags & INT_MCASTOPEN) { 2197 CLEAR_BIT_IF_DEBUG(INT_MCASTOPEN, iflags); 2198 append_flagstr(ifs, sz, "mcastopen"); 2199 } 2200 2201 if (iflags & INT_WILDCARD) { 2202 CLEAR_BIT_IF_DEBUG(INT_WILDCARD, iflags); 2203 append_flagstr(ifs, sz, "wildcard"); 2204 } 2205 2206 if (iflags & INT_MCASTIF) { 2207 CLEAR_BIT_IF_DEBUG(INT_MCASTIF, iflags); 2208 append_flagstr(ifs, sz, "mcastif"); 2209 } 2210 2211 if (iflags & INT_PRIVACY) { 2212 CLEAR_BIT_IF_DEBUG(INT_PRIVACY, iflags); 2213 append_flagstr(ifs, sz, "IPv6privacy"); 2214 } 2215 2216 if (iflags & INT_BCASTXMIT) { 2217 CLEAR_BIT_IF_DEBUG(INT_BCASTXMIT, iflags); 2218 append_flagstr(ifs, sz, "bcastxmit"); 2219 } 2220 2221 if (iflags & INT_LL_OF_GLOB) { 2222 CLEAR_BIT_IF_DEBUG(INT_LL_OF_GLOB, iflags); 2223 append_flagstr(ifs, sz, "linklocal-w-global"); 2224 } 2225 2226 DEBUG_INVARIANT(!iflags); 2227 2228 return ifs; 2229 } 2230 #endif /* DEBUG */ 2231 2232 2233 #ifdef SO_EXCLUSIVEADDRUSE 2234 static void 2235 set_excladdruse( 2236 SOCKET fd 2237 ) 2238 { 2239 int one = 1; 2240 int failed; 2241 #ifdef SYS_WINNT 2242 DWORD err; 2243 #endif 2244 2245 failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, 2246 (void *)&one, sizeof(one)); 2247 2248 if (!failed) 2249 return; 2250 2251 #ifdef SYS_WINNT 2252 /* 2253 * Prior to Windows XP setting SO_EXCLUSIVEADDRUSE can fail with 2254 * error WSAINVAL depending on service pack level and whether 2255 * the user account is in the Administrators group. Do not 2256 * complain if it fails that way on versions prior to XP (5.1). 2257 */ 2258 err = GetLastError(); 2259 2260 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0 /* < 5.1/XP */ 2261 && WSAEINVAL == err) 2262 return; 2263 2264 SetLastError(err); 2265 #endif 2266 msyslog(LOG_ERR, 2267 "setsockopt(%d, SO_EXCLUSIVEADDRUSE, on): %m", 2268 (int)fd); 2269 } 2270 #endif /* SO_EXCLUSIVEADDRUSE */ 2271 2272 2273 /* 2274 * set_reuseaddr() - set/clear REUSEADDR on all sockets 2275 * NB possible hole - should we be doing this on broadcast 2276 * fd's also? 2277 */ 2278 static void 2279 set_reuseaddr( 2280 int flag 2281 ) 2282 { 2283 #ifndef SO_EXCLUSIVEADDRUSE 2284 endpt *ep; 2285 2286 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2287 if (ep->flags & INT_WILDCARD) 2288 continue; 2289 2290 /* 2291 * if ep->fd is INVALID_SOCKET, we might have a adapter 2292 * configured but not present 2293 */ 2294 DPRINTF(4, ("setting SO_REUSEADDR on %.16s@%s to %s\n", 2295 ep->name, stoa(&ep->sin), 2296 flag ? "on" : "off")); 2297 2298 if (ep->fd != INVALID_SOCKET) { 2299 if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR, 2300 (void *)&flag, sizeof(flag))) { 2301 msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m", 2302 stoa(&ep->sin), flag ? "on" : "off"); 2303 } 2304 } 2305 } 2306 #endif /* ! SO_EXCLUSIVEADDRUSE */ 2307 } 2308 2309 /* 2310 * This is just a wrapper around an internal function so we can 2311 * make other changes as necessary later on 2312 */ 2313 void 2314 enable_broadcast( 2315 endpt * iface, 2316 sockaddr_u * baddr 2317 ) 2318 { 2319 #ifdef OPEN_BCAST_SOCKET 2320 socket_broadcast_enable(iface, iface->fd, baddr); 2321 #endif 2322 } 2323 2324 #ifdef OPEN_BCAST_SOCKET 2325 /* 2326 * Enable a broadcast address to a given socket 2327 * The socket is in the ep_list all we need to do is enable 2328 * broadcasting. It is not this function's job to select the socket 2329 */ 2330 static isc_boolean_t 2331 socket_broadcast_enable( 2332 endpt * iface, 2333 SOCKET fd, 2334 sockaddr_u * baddr 2335 ) 2336 { 2337 #ifdef SO_BROADCAST 2338 int on = 1; 2339 2340 if (IS_IPV4(baddr)) { 2341 /* if this interface can support broadcast, set SO_BROADCAST */ 2342 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, 2343 (void *)&on, sizeof(on))) 2344 msyslog(LOG_ERR, 2345 "setsockopt(SO_BROADCAST) enable failure on address %s: %m", 2346 stoa(baddr)); 2347 else 2348 DPRINTF(2, ("Broadcast enabled on socket %d for address %s\n", 2349 fd, stoa(baddr))); 2350 } 2351 iface->flags |= INT_BCASTXMIT; 2352 return ISC_TRUE; 2353 #else 2354 return ISC_FALSE; 2355 #endif /* SO_BROADCAST */ 2356 } 2357 2358 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES 2359 /* 2360 * Remove a broadcast address from a given socket 2361 * The socket is in the ep_list all we need to do is disable 2362 * broadcasting. It is not this function's job to select the socket 2363 */ 2364 static isc_boolean_t 2365 socket_broadcast_disable( 2366 endpt * iface, 2367 sockaddr_u * baddr 2368 ) 2369 { 2370 #ifdef SO_BROADCAST 2371 int off = 0; /* This seems to be OK as an int */ 2372 2373 if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET, 2374 SO_BROADCAST, (void *)&off, sizeof(off))) 2375 msyslog(LOG_ERR, 2376 "setsockopt(SO_BROADCAST) disable failure on address %s: %m", 2377 stoa(baddr)); 2378 2379 iface->flags &= ~INT_BCASTXMIT; 2380 return ISC_TRUE; 2381 #else 2382 return ISC_FALSE; 2383 #endif /* SO_BROADCAST */ 2384 } 2385 #endif /* OS_MISSES_SPECIFIC_ROUTE_UPDATES */ 2386 2387 #endif /* OPEN_BCAST_SOCKET */ 2388 2389 2390 /* 2391 * Check to see if the address is a multicast address 2392 */ 2393 static isc_boolean_t 2394 addr_ismulticast( 2395 sockaddr_u *maddr 2396 ) 2397 { 2398 isc_boolean_t result; 2399 2400 #ifndef INCLUDE_IPV6_MULTICAST_SUPPORT 2401 /* 2402 * If we don't have IPV6 support any IPV6 addr is not multicast 2403 */ 2404 if (IS_IPV6(maddr)) 2405 result = ISC_FALSE; 2406 else 2407 #endif 2408 result = IS_MCAST(maddr); 2409 2410 if (!result) 2411 DPRINTF(4, ("address %s is not multicast\n", 2412 stoa(maddr))); 2413 2414 return result; 2415 } 2416 2417 /* 2418 * Multicast servers need to set the appropriate Multicast interface 2419 * socket option in order for it to know which interface to use for 2420 * send the multicast packet. 2421 */ 2422 void 2423 enable_multicast_if( 2424 endpt * iface, 2425 sockaddr_u * maddr 2426 ) 2427 { 2428 #ifdef MCAST 2429 #ifdef IP_MULTICAST_LOOP 2430 TYPEOF_IP_MULTICAST_LOOP off = 0; 2431 #endif 2432 #if defined(INCLUDE_IPV6_MULTICAST_SUPPORT) && defined(IPV6_MULTICAST_LOOP) 2433 u_int off6 = 0; 2434 #endif 2435 2436 REQUIRE(AF(maddr) == AF(&iface->sin)); 2437 2438 switch (AF(&iface->sin)) { 2439 2440 case AF_INET: 2441 #ifdef IP_MULTICAST_LOOP 2442 /* 2443 * Don't send back to itself, but allow failure to set 2444 */ 2445 if (setsockopt(iface->fd, IPPROTO_IP, 2446 IP_MULTICAST_LOOP, 2447 (void *)&off, 2448 sizeof(off))) { 2449 2450 msyslog(LOG_ERR, 2451 "setsockopt IP_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2452 iface->fd, stoa(&iface->sin), 2453 stoa(maddr)); 2454 } 2455 #endif 2456 break; 2457 2458 case AF_INET6: 2459 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2460 #ifdef IPV6_MULTICAST_LOOP 2461 /* 2462 * Don't send back to itself, but allow failure to set 2463 */ 2464 if (setsockopt(iface->fd, IPPROTO_IPV6, 2465 IPV6_MULTICAST_LOOP, 2466 (void *) &off6, sizeof(off6))) { 2467 2468 msyslog(LOG_ERR, 2469 "setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s", 2470 iface->fd, stoa(&iface->sin), 2471 stoa(maddr)); 2472 } 2473 #endif 2474 break; 2475 #else 2476 return; 2477 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2478 } 2479 return; 2480 #endif 2481 } 2482 2483 /* 2484 * Add a multicast address to a given socket 2485 * The socket is in the ep_list all we need to do is enable 2486 * multicasting. It is not this function's job to select the socket 2487 */ 2488 #if defined(MCAST) 2489 static isc_boolean_t 2490 socket_multicast_enable( 2491 endpt * iface, 2492 sockaddr_u * maddr 2493 ) 2494 { 2495 struct ip_mreq mreq; 2496 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2497 struct ipv6_mreq mreq6; 2498 # endif 2499 switch (AF(maddr)) { 2500 2501 case AF_INET: 2502 ZERO(mreq); 2503 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2504 mreq.imr_interface.s_addr = htonl(INADDR_ANY); 2505 if (setsockopt(iface->fd, 2506 IPPROTO_IP, 2507 IP_ADD_MEMBERSHIP, 2508 (void *)&mreq, 2509 sizeof(mreq))) { 2510 DPRINTF(2, ( 2511 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2512 iface->fd, stoa(&iface->sin), 2513 mreq.imr_multiaddr.s_addr, 2514 mreq.imr_interface.s_addr, 2515 stoa(maddr))); 2516 return ISC_FALSE; 2517 } 2518 DPRINTF(4, ("Added IPv4 multicast membership on socket %d, addr %s for %x / %x (%s)\n", 2519 iface->fd, stoa(&iface->sin), 2520 mreq.imr_multiaddr.s_addr, 2521 mreq.imr_interface.s_addr, stoa(maddr))); 2522 break; 2523 2524 case AF_INET6: 2525 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2526 /* 2527 * Enable reception of multicast packets. 2528 * If the address is link-local we can get the 2529 * interface index from the scope id. Don't do this 2530 * for other types of multicast addresses. For now let 2531 * the kernel figure it out. 2532 */ 2533 ZERO(mreq6); 2534 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2535 mreq6.ipv6mr_interface = iface->ifindex; 2536 2537 if (setsockopt(iface->fd, IPPROTO_IPV6, 2538 IPV6_JOIN_GROUP, (void *)&mreq6, 2539 sizeof(mreq6))) { 2540 DPRINTF(2, ( 2541 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)", 2542 iface->fd, stoa(&iface->sin), 2543 mreq6.ipv6mr_interface, stoa(maddr))); 2544 return ISC_FALSE; 2545 } 2546 DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n", 2547 iface->fd, stoa(&iface->sin), 2548 mreq6.ipv6mr_interface, stoa(maddr))); 2549 # else 2550 return ISC_FALSE; 2551 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2552 } 2553 iface->flags |= INT_MCASTOPEN; 2554 iface->num_mcast++; 2555 2556 return ISC_TRUE; 2557 } 2558 #endif /* MCAST */ 2559 2560 2561 /* 2562 * Remove a multicast address from a given socket 2563 * The socket is in the ep_list all we need to do is disable 2564 * multicasting. It is not this function's job to select the socket 2565 */ 2566 #ifdef MCAST 2567 static isc_boolean_t 2568 socket_multicast_disable( 2569 endpt * iface, 2570 sockaddr_u * maddr 2571 ) 2572 { 2573 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2574 struct ipv6_mreq mreq6; 2575 # endif 2576 struct ip_mreq mreq; 2577 2578 if (find_addr_in_list(maddr) == NULL) { 2579 DPRINTF(4, ("socket_multicast_disable(%s): not found\n", 2580 stoa(maddr))); 2581 return ISC_TRUE; 2582 } 2583 2584 switch (AF(maddr)) { 2585 2586 case AF_INET: 2587 ZERO(mreq); 2588 mreq.imr_multiaddr = SOCK_ADDR4(maddr); 2589 mreq.imr_interface = SOCK_ADDR4(&iface->sin); 2590 if (setsockopt(iface->fd, IPPROTO_IP, 2591 IP_DROP_MEMBERSHIP, (void *)&mreq, 2592 sizeof(mreq))) { 2593 2594 msyslog(LOG_ERR, 2595 "setsockopt IP_DROP_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)", 2596 iface->fd, stoa(&iface->sin), 2597 SRCADR(maddr), SRCADR(&iface->sin), 2598 stoa(maddr)); 2599 return ISC_FALSE; 2600 } 2601 break; 2602 case AF_INET6: 2603 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT 2604 /* 2605 * Disable reception of multicast packets 2606 * If the address is link-local we can get the 2607 * interface index from the scope id. Don't do this 2608 * for other types of multicast addresses. For now let 2609 * the kernel figure it out. 2610 */ 2611 ZERO(mreq6); 2612 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); 2613 mreq6.ipv6mr_interface = iface->ifindex; 2614 2615 if (setsockopt(iface->fd, IPPROTO_IPV6, 2616 IPV6_LEAVE_GROUP, (void *)&mreq6, 2617 sizeof(mreq6))) { 2618 2619 msyslog(LOG_ERR, 2620 "setsockopt IPV6_LEAVE_GROUP failure: %m on socket %d, addr %s for %d (%s)", 2621 iface->fd, stoa(&iface->sin), 2622 iface->ifindex, stoa(maddr)); 2623 return ISC_FALSE; 2624 } 2625 break; 2626 # else 2627 return ISC_FALSE; 2628 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */ 2629 } 2630 2631 iface->num_mcast--; 2632 if (iface->num_mcast <= 0) { 2633 iface->flags &= ~INT_MCASTOPEN; 2634 } 2635 return ISC_TRUE; 2636 } 2637 #endif /* MCAST */ 2638 2639 2640 /* 2641 * io_setbclient - open the broadcast client sockets 2642 */ 2643 void 2644 io_setbclient(void) 2645 { 2646 #ifdef OPEN_BCAST_SOCKET 2647 endpt * ep; 2648 unsigned int nif, ni4; 2649 2650 nif = ni4 = 0; 2651 set_reuseaddr(1); 2652 2653 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2654 /* count IPv4 interfaces. Needed later to decide 2655 * if we should log an error or not. 2656 */ 2657 if (AF_INET == ep->family) { 2658 ++ni4; 2659 } 2660 2661 if (ep->flags & (INT_WILDCARD | INT_LOOPBACK)) 2662 continue; 2663 2664 /* use only allowed addresses */ 2665 if (ep->ignore_packets) 2666 continue; 2667 2668 /* Need a broadcast-capable interface */ 2669 if (!(ep->flags & INT_BROADCAST)) 2670 continue; 2671 2672 /* Only IPv4 addresses are valid for broadcast */ 2673 REQUIRE(IS_IPV4(&ep->bcast)); 2674 2675 /* Do we already have the broadcast address open? */ 2676 if (ep->flags & INT_BCASTOPEN) { 2677 /* 2678 * account for already open interfaces to avoid 2679 * misleading warning below 2680 */ 2681 nif++; 2682 continue; 2683 } 2684 2685 /* 2686 * Try to open the broadcast address 2687 */ 2688 ep->family = AF_INET; 2689 ep->bfd = open_socket(&ep->bcast, 1, 0, ep); 2690 2691 /* 2692 * If we succeeded then we use it otherwise enable 2693 * broadcast on the interface address 2694 */ 2695 if (ep->bfd != INVALID_SOCKET) { 2696 nif++; 2697 ep->flags |= INT_BCASTOPEN; 2698 msyslog(LOG_INFO, 2699 "Listen for broadcasts to %s on interface #%d %s", 2700 stoa(&ep->bcast), ep->ifnum, ep->name); 2701 } else switch (errno) { 2702 /* Silently ignore EADDRINUSE as we probably 2703 * opened the socket already for an address in 2704 * the same network */ 2705 case EADDRINUSE: 2706 /* Some systems cannot bind a socket to a broadcast 2707 * address, as that is not a valid host address. */ 2708 case EADDRNOTAVAIL: 2709 # ifdef SYS_WINNT /*TODO: use for other systems, too? */ 2710 /* avoid recurrence here -- if we already have a 2711 * regular socket, it's quite useless to try this 2712 * again. 2713 */ 2714 if (ep->fd != INVALID_SOCKET) { 2715 ep->flags |= INT_BCASTOPEN; 2716 nif++; 2717 } 2718 # endif 2719 break; 2720 2721 default: 2722 msyslog(LOG_INFO, 2723 "failed to listen for broadcasts to %s on interface #%d %s", 2724 stoa(&ep->bcast), ep->ifnum, ep->name); 2725 break; 2726 } 2727 } 2728 set_reuseaddr(0); 2729 if (nif != 0) { 2730 broadcast_client_enabled = ISC_TRUE; 2731 DPRINTF(1, ("io_setbclient: listening to %d broadcast addresses\n", nif)); 2732 } else { 2733 broadcast_client_enabled = ISC_FALSE; 2734 /* This is expected when having only IPv6 interfaces 2735 * and no IPv4 interfaces at all. We suppress the error 2736 * log in that case... everything else should work! 2737 */ 2738 if (ni4) { 2739 msyslog(LOG_ERR, 2740 "Unable to listen for broadcasts, no broadcast interfaces available"); 2741 } 2742 } 2743 #else 2744 msyslog(LOG_ERR, 2745 "io_setbclient: Broadcast Client disabled by build"); 2746 #endif /* OPEN_BCAST_SOCKET */ 2747 } 2748 2749 2750 /* 2751 * io_unsetbclient - close the broadcast client sockets 2752 */ 2753 void 2754 io_unsetbclient(void) 2755 { 2756 endpt *ep; 2757 2758 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2759 if (INT_WILDCARD & ep->flags) 2760 continue; 2761 if (!(INT_BCASTOPEN & ep->flags)) 2762 continue; 2763 2764 if (ep->bfd != INVALID_SOCKET) { 2765 /* destroy broadcast listening socket */ 2766 msyslog(LOG_INFO, 2767 "stop listening for broadcasts to %s on interface #%d %s", 2768 stoa(&ep->bcast), ep->ifnum, ep->name); 2769 close_and_delete_fd_from_list(ep->bfd, ep); 2770 ep->bfd = INVALID_SOCKET; 2771 } 2772 ep->flags &= ~INT_BCASTOPEN; 2773 } 2774 broadcast_client_enabled = ISC_FALSE; 2775 } 2776 2777 2778 /* 2779 * io_multicast_add() - add multicast group address 2780 */ 2781 void 2782 io_multicast_add( 2783 sockaddr_u *addr 2784 ) 2785 { 2786 #ifdef MCAST 2787 endpt * ep; 2788 endpt * one_ep; 2789 2790 /* 2791 * Check to see if this is a multicast address 2792 */ 2793 if (!addr_ismulticast(addr)) 2794 return; 2795 2796 /* If we already have it we can just return */ 2797 if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) { 2798 return; 2799 } 2800 2801 # ifndef MULTICAST_NONEWSOCKET 2802 ep = new_interface(NULL); 2803 2804 /* 2805 * Open a new socket for the multicast address 2806 */ 2807 ep->sin = *addr; 2808 SET_PORT(&ep->sin, NTP_PORT); 2809 ep->family = AF(&ep->sin); 2810 AF(&ep->mask) = ep->family; 2811 SET_ONESMASK(&ep->mask); 2812 2813 set_reuseaddr(1); 2814 ep->bfd = INVALID_SOCKET; 2815 ep->fd = open_socket(&ep->sin, 0, 0, ep); 2816 if (ep->fd != INVALID_SOCKET) { 2817 ep->ignore_packets = ISC_FALSE; 2818 ep->flags |= INT_MCASTIF; 2819 ep->ifindex = SCOPE(addr); 2820 2821 strlcpy(ep->name, "multicast", sizeof(ep->name)); 2822 DPRINT_INTERFACE(2, (ep, "multicast add ", "\n")); 2823 add_interface(ep); 2824 log_listen_address(ep); 2825 } else { 2826 /* bind failed, re-use wildcard interface */ 2827 delete_interface(ep); 2828 2829 if (IS_IPV4(addr)) 2830 ep = wildipv4; 2831 else if (IS_IPV6(addr)) 2832 ep = wildipv6; 2833 else 2834 ep = NULL; 2835 2836 if (ep != NULL) { 2837 /* HACK ! -- stuff in an address */ 2838 /* because we don't bind addr? DH */ 2839 ep->bcast = *addr; 2840 msyslog(LOG_ERR, 2841 "multicast address %s using wildcard interface #%d %s", 2842 stoa(addr), ep->ifnum, ep->name); 2843 } else { 2844 msyslog(LOG_ERR, 2845 "No multicast socket available to use for address %s", 2846 stoa(addr)); 2847 return; 2848 } 2849 } 2850 { /* in place of the { following for in #else clause */ 2851 one_ep = ep; 2852 # else /* MULTICAST_NONEWSOCKET follows */ 2853 /* 2854 * For the case where we can't use a separate socket (Windows) 2855 * join each applicable endpoint socket to the group address. 2856 */ 2857 if (IS_IPV4(addr)) 2858 one_ep = wildipv4; 2859 else 2860 one_ep = wildipv6; 2861 for (ep = ep_list; ep != NULL; ep = ep->elink) { 2862 if (ep->ignore_packets || AF(&ep->sin) != AF(addr) || 2863 !(INT_MULTICAST & ep->flags) || 2864 (INT_LOOPBACK | INT_WILDCARD) & ep->flags) 2865 continue; 2866 one_ep = ep; 2867 # endif /* MULTICAST_NONEWSOCKET */ 2868 if (socket_multicast_enable(ep, addr)) 2869 msyslog(LOG_INFO, 2870 "Joined %s socket to multicast group %s", 2871 stoa(&ep->sin), 2872 stoa(addr)); 2873 } 2874 2875 add_addr_to_list(addr, one_ep); 2876 #else /* !MCAST follows*/ 2877 msyslog(LOG_ERR, 2878 "Can not add multicast address %s: no multicast support", 2879 stoa(addr)); 2880 #endif 2881 return; 2882 } 2883 2884 2885 /* 2886 * io_multicast_del() - delete multicast group address 2887 */ 2888 void 2889 io_multicast_del( 2890 sockaddr_u * addr 2891 ) 2892 { 2893 #ifdef MCAST 2894 endpt *iface; 2895 2896 /* 2897 * Check to see if this is a multicast address 2898 */ 2899 if (!addr_ismulticast(addr)) { 2900 msyslog(LOG_ERR, "invalid multicast address %s", 2901 stoa(addr)); 2902 return; 2903 } 2904 2905 /* 2906 * Disable reception of multicast packets 2907 */ 2908 while ((iface = find_flagged_addr_in_list(addr, INT_MCASTOPEN)) 2909 != NULL) 2910 socket_multicast_disable(iface, addr); 2911 2912 delete_addr_from_list(addr); 2913 2914 #else /* not MCAST */ 2915 msyslog(LOG_ERR, 2916 "Can not delete multicast address %s: no multicast support", 2917 stoa(addr)); 2918 #endif /* not MCAST */ 2919 } 2920 2921 2922 /* 2923 * open_socket - open a socket, returning the file descriptor 2924 */ 2925 2926 static SOCKET 2927 open_socket( 2928 sockaddr_u * addr, 2929 int bcast, 2930 int turn_off_reuse, 2931 endpt * interf 2932 ) 2933 { 2934 SOCKET fd; 2935 int errval; 2936 /* 2937 * int is OK for REUSEADR per 2938 * http://www.kohala.com/start/mcast.api.txt 2939 */ 2940 int on = 1; 2941 int off = 0; 2942 2943 if (IS_IPV6(addr) && !ipv6_works) 2944 return INVALID_SOCKET; 2945 2946 /* create a datagram (UDP) socket */ 2947 fd = socket(AF(addr), SOCK_DGRAM, 0); 2948 if (INVALID_SOCKET == fd) { 2949 errval = socket_errno(); 2950 msyslog(LOG_ERR, 2951 "socket(AF_INET%s, SOCK_DGRAM, 0) failed on address %s: %m", 2952 IS_IPV6(addr) ? "6" : "", stoa(addr)); 2953 2954 if (errval == EPROTONOSUPPORT || 2955 errval == EAFNOSUPPORT || 2956 errval == EPFNOSUPPORT) 2957 return (INVALID_SOCKET); 2958 2959 errno = errval; 2960 msyslog(LOG_ERR, 2961 "unexpected socket() error %m code %d (not EPROTONOSUPPORT nor EAFNOSUPPORT nor EPFNOSUPPORT) - exiting", 2962 errno); 2963 exit(1); 2964 } 2965 2966 #ifdef SYS_WINNT 2967 connection_reset_fix(fd, addr); 2968 #endif 2969 /* 2970 * Fixup the file descriptor for some systems 2971 * See bug #530 for details of the issue. 2972 */ 2973 fd = move_fd(fd); 2974 2975 /* 2976 * set SO_REUSEADDR since we will be binding the same port 2977 * number on each interface according to turn_off_reuse. 2978 * This is undesirable on Windows versions starting with 2979 * Windows XP (numeric version 5.1). 2980 */ 2981 #ifdef SYS_WINNT 2982 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */ 2983 #endif 2984 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 2985 (void *)((turn_off_reuse) 2986 ? &off 2987 : &on), 2988 sizeof(on))) { 2989 2990 msyslog(LOG_ERR, 2991 "setsockopt SO_REUSEADDR %s fails for address %s: %m", 2992 (turn_off_reuse) 2993 ? "off" 2994 : "on", 2995 stoa(addr)); 2996 closesocket(fd); 2997 return INVALID_SOCKET; 2998 } 2999 #ifdef SO_EXCLUSIVEADDRUSE 3000 /* 3001 * setting SO_EXCLUSIVEADDRUSE on the wildcard we open 3002 * first will cause more specific binds to fail. 3003 */ 3004 if (!(interf->flags & INT_WILDCARD)) 3005 set_excladdruse(fd); 3006 #endif 3007 3008 /* 3009 * IPv4 specific options go here 3010 */ 3011 if (IS_IPV4(addr)) { 3012 #if defined(IPPROTO_IP) && defined(IP_TOS) 3013 if (setsockopt(fd, IPPROTO_IP, IP_TOS, (void *)&qos, 3014 sizeof(qos))) 3015 msyslog(LOG_ERR, 3016 "setsockopt IP_TOS (%02x) fails on address %s: %m", 3017 qos, stoa(addr)); 3018 #endif /* IPPROTO_IP && IP_TOS */ 3019 if (bcast) 3020 socket_broadcast_enable(interf, fd, addr); 3021 } 3022 3023 /* 3024 * IPv6 specific options go here 3025 */ 3026 if (IS_IPV6(addr)) { 3027 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) 3028 if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&qos, 3029 sizeof(qos))) 3030 msyslog(LOG_ERR, 3031 "setsockopt IPV6_TCLASS (%02x) fails on address %s: %m", 3032 qos, stoa(addr)); 3033 #endif /* IPPROTO_IPV6 && IPV6_TCLASS */ 3034 #ifdef IPV6_V6ONLY 3035 if (isc_net_probe_ipv6only() == ISC_R_SUCCESS 3036 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, 3037 (void *)&on, sizeof(on))) 3038 msyslog(LOG_ERR, 3039 "setsockopt IPV6_V6ONLY on fails on address %s: %m", 3040 stoa(addr)); 3041 #endif 3042 #ifdef IPV6_BINDV6ONLY 3043 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY, 3044 (void *)&on, sizeof(on))) 3045 msyslog(LOG_ERR, 3046 "setsockopt IPV6_BINDV6ONLY on fails on address %s: %m", 3047 stoa(addr)); 3048 #endif 3049 } 3050 3051 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 3052 /* 3053 * some OSes don't allow binding to more specific 3054 * addresses if a wildcard address already bound 3055 * to the port and SO_REUSEADDR is not set 3056 */ 3057 if (!is_wildcard_addr(addr)) 3058 set_wildcard_reuse(AF(addr), 1); 3059 #endif 3060 3061 /* 3062 * bind the local address. 3063 */ 3064 errval = bind(fd, &addr->sa, SOCKLEN(addr)); 3065 3066 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND 3067 if (!is_wildcard_addr(addr)) 3068 set_wildcard_reuse(AF(addr), 0); 3069 #endif 3070 3071 if (errval < 0) { 3072 /* 3073 * Don't log this under all conditions 3074 */ 3075 if (turn_off_reuse == 0 3076 #ifdef DEBUG 3077 || debug > 1 3078 #endif 3079 ) { 3080 msyslog(LOG_ERR, 3081 "bind(%d) AF_INET%s %s%s flags 0x%x failed: %m", 3082 fd, IS_IPV6(addr) ? "6" : "", 3083 sptoa(addr), 3084 IS_MCAST(addr) ? " (multicast)" : "", 3085 interf->flags); 3086 } 3087 3088 closesocket(fd); 3089 3090 return INVALID_SOCKET; 3091 } 3092 3093 #ifdef HAVE_TIMESTAMP 3094 { 3095 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP, 3096 (void *)&on, sizeof(on))) 3097 msyslog(LOG_DEBUG, 3098 "setsockopt SO_TIMESTAMP on fails on address %s: %m", 3099 stoa(addr)); 3100 else 3101 DPRINTF(4, ("setsockopt SO_TIMESTAMP enabled on fd %d address %s\n", 3102 fd, stoa(addr))); 3103 } 3104 #endif 3105 #ifdef HAVE_TIMESTAMPNS 3106 { 3107 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS, 3108 (void *)&on, sizeof(on))) 3109 msyslog(LOG_DEBUG, 3110 "setsockopt SO_TIMESTAMPNS on fails on address %s: %m", 3111 stoa(addr)); 3112 else 3113 DPRINTF(4, ("setsockopt SO_TIMESTAMPNS enabled on fd %d address %s\n", 3114 fd, stoa(addr))); 3115 } 3116 #endif 3117 #ifdef HAVE_BINTIME 3118 { 3119 if (setsockopt(fd, SOL_SOCKET, SO_BINTIME, 3120 (void *)&on, sizeof(on))) 3121 msyslog(LOG_DEBUG, 3122 "setsockopt SO_BINTIME on fails on address %s: %m", 3123 stoa(addr)); 3124 else 3125 DPRINTF(4, ("setsockopt SO_BINTIME enabled on fd %d address %s\n", 3126 fd, stoa(addr))); 3127 } 3128 #endif 3129 3130 DPRINTF(4, ("bind(%d) addr %s, flags 0x%x\n", 3131 fd, sptoa(addr), interf->flags)); 3132 3133 make_socket_nonblocking(fd); 3134 3135 #ifdef HAVE_SIGNALED_IO 3136 init_socket_sig(fd); 3137 #endif /* not HAVE_SIGNALED_IO */ 3138 3139 add_fd_to_list(fd, FD_TYPE_SOCKET); 3140 3141 #if !defined(SYS_WINNT) && !defined(VMS) 3142 DPRINTF(4, ("flags for fd %d: 0x%x\n", fd, 3143 fcntl(fd, F_GETFL, 0))); 3144 #endif /* SYS_WINNT || VMS */ 3145 3146 #if defined(HAVE_IO_COMPLETION_PORT) 3147 /* 3148 * Add the socket to the completion port 3149 */ 3150 if (!io_completion_port_add_socket(fd, interf, bcast)) { 3151 msyslog(LOG_ERR, "unable to set up io completion port - EXITING"); 3152 exit(1); 3153 } 3154 #endif 3155 return fd; 3156 } 3157 3158 3159 3160 /* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */ 3161 /* 3162 * sendpkt - send a packet to the specified destination from the given endpt 3163 * except for multicast, which may be sent from several addresses. 3164 */ 3165 void 3166 sendpkt( 3167 sockaddr_u * dest, 3168 endpt * ep, 3169 int ttl, 3170 struct pkt * pkt, 3171 int len 3172 ) 3173 { 3174 endpt * src; 3175 int ismcast; 3176 int cc; 3177 int rc; 3178 u_char cttl; 3179 l_fp fp_zero = { { 0 }, 0 }; 3180 l_fp org, rec, xmt; 3181 3182 ismcast = IS_MCAST(dest); 3183 if (!ismcast) { 3184 src = ep; 3185 } else { 3186 #ifndef MCAST 3187 return; 3188 #endif 3189 src = (IS_IPV4(dest)) 3190 ? mc4_list 3191 : mc6_list; 3192 } 3193 3194 if (NULL == src) { 3195 /* 3196 * unbound peer - drop request and wait for better 3197 * network conditions 3198 */ 3199 DPRINTF(2, ("%ssendpkt(dst=%s, ttl=%d, len=%d): no interface - IGNORED\n", 3200 ismcast ? "\tMCAST\t***** " : "", 3201 stoa(dest), ttl, len)); 3202 return; 3203 } 3204 3205 do { 3206 if (ismcast && INT_LL_OF_GLOB & src->flags) { 3207 /* avoid duplicate multicasts on same IPv6 net */ 3208 goto loop; 3209 } 3210 DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n", 3211 ismcast ? "\tMCAST\t***** " : "", src->fd, 3212 stoa(dest), stoa(&src->sin), ttl, len)); 3213 #ifdef MCAST 3214 if (ismcast && ttl > 0 && ttl != src->last_ttl) { 3215 /* 3216 * set the multicast ttl for outgoing packets 3217 */ 3218 switch (AF(&src->sin)) { 3219 3220 case AF_INET : 3221 cttl = (u_char)ttl; 3222 rc = setsockopt(src->fd, IPPROTO_IP, 3223 IP_MULTICAST_TTL, 3224 (void *)&cttl, 3225 sizeof(cttl)); 3226 break; 3227 3228 # ifdef INCLUDE_IPV6_SUPPORT 3229 case AF_INET6 : 3230 rc = setsockopt(src->fd, IPPROTO_IPV6, 3231 IPV6_MULTICAST_HOPS, 3232 (void *)&ttl, 3233 sizeof(ttl)); 3234 break; 3235 # endif /* INCLUDE_IPV6_SUPPORT */ 3236 3237 default: 3238 rc = 0; 3239 } 3240 3241 if (!rc) 3242 src->last_ttl = ttl; 3243 else 3244 msyslog(LOG_ERR, 3245 "setsockopt IP_MULTICAST_TTL/IPV6_MULTICAST_HOPS fails on address %s: %m", 3246 stoa(&src->sin)); 3247 } 3248 #endif /* MCAST */ 3249 3250 #ifdef SIM 3251 cc = simulate_server(dest, src, pkt); 3252 #elif defined(HAVE_IO_COMPLETION_PORT) 3253 cc = io_completion_port_sendto(src, src->fd, pkt, 3254 (size_t)len, dest); 3255 #else 3256 cc = sendto(src->fd, (char *)pkt, (u_int)len, 0, 3257 &dest->sa, SOCKLEN(dest)); 3258 #endif 3259 if (cc == -1) { 3260 src->notsent++; 3261 packets_notsent++; 3262 } else { 3263 src->sent++; 3264 packets_sent++; 3265 } 3266 loop: 3267 if (ismcast) 3268 src = src->mclink; 3269 } while (ismcast && src != NULL); 3270 3271 /* HMS: pkt->rootdisp is usually random here */ 3272 NTOHL_FP(&pkt->org, &org); 3273 NTOHL_FP(&pkt->rec, &rec); 3274 NTOHL_FP(&pkt->xmt, &xmt); 3275 record_raw_stats(src ? &src->sin : NULL, dest, 3276 &org, &rec, &xmt, &fp_zero, 3277 PKT_LEAP(pkt->li_vn_mode), 3278 PKT_VERSION(pkt->li_vn_mode), 3279 PKT_MODE(pkt->li_vn_mode), 3280 pkt->stratum, 3281 pkt->ppoll, pkt->precision, 3282 FPTOD(NTOHS_FP(pkt->rootdelay)), 3283 FPTOD(NTOHS_FP(pkt->rootdisp)), pkt->refid, 3284 len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten); 3285 } 3286 3287 3288 #if !defined(HAVE_IO_COMPLETION_PORT) 3289 #if !defined(HAVE_SIGNALED_IO) 3290 /* 3291 * fdbits - generate ascii representation of fd_set (FAU debug support) 3292 * HFDF format - highest fd first. 3293 */ 3294 static char * 3295 fdbits( 3296 int count, 3297 const fd_set* set 3298 ) 3299 { 3300 static char buffer[256]; 3301 char * buf = buffer; 3302 3303 count = min(count, sizeof(buffer) - 1); 3304 3305 while (count >= 0) { 3306 *buf++ = FD_ISSET(count, set) ? '#' : '-'; 3307 count--; 3308 } 3309 *buf = '\0'; 3310 3311 return buffer; 3312 } 3313 #endif 3314 3315 #ifdef REFCLOCK 3316 /* 3317 * Routine to read the refclock packets for a specific interface 3318 * Return the number of bytes read. That way we know if we should 3319 * read it again or go on to the next one if no bytes returned 3320 */ 3321 static inline int 3322 read_refclock_packet( 3323 SOCKET fd, 3324 struct refclockio * rp, 3325 l_fp ts 3326 ) 3327 { 3328 u_int read_count; 3329 int buflen; 3330 int saved_errno; 3331 int consumed; 3332 struct recvbuf * rb; 3333 3334 rb = get_free_recv_buffer(TRUE); 3335 3336 if (NULL == rb) { 3337 /* 3338 * No buffer space available - just drop the 'packet'. 3339 * Since this is a non-blocking character stream we read 3340 * all data that we can. 3341 * 3342 * ...hmmmm... what about "tcflush(fd,TCIFLUSH)" here?!? 3343 */ 3344 char buf[128]; 3345 do 3346 buflen = read(fd, buf, sizeof(buf)); 3347 while (buflen > 0); 3348 packets_dropped++; 3349 return (buflen); 3350 } 3351 3352 /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead 3353 * to buffer overrun and memory corruption 3354 */ 3355 if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space)) 3356 read_count = sizeof(rb->recv_space); 3357 else 3358 read_count = (u_int)rp->datalen; 3359 do { 3360 buflen = read(fd, (char *)&rb->recv_space, read_count); 3361 } while (buflen < 0 && EINTR == errno); 3362 3363 if (buflen <= 0) { 3364 saved_errno = errno; 3365 freerecvbuf(rb); 3366 errno = saved_errno; 3367 return buflen; 3368 } 3369 3370 /* 3371 * Got one. Mark how and when it got here, 3372 * put it on the full list and do bookkeeping. 3373 */ 3374 rb->recv_length = buflen; 3375 rb->recv_peer = rp->srcclock; 3376 rb->dstadr = NULL; 3377 rb->fd = fd; 3378 rb->recv_time = ts; 3379 rb->receiver = rp->clock_recv; 3380 3381 consumed = indicate_refclock_packet(rp, rb); 3382 if (!consumed) { 3383 rp->recvcount++; 3384 packets_received++; 3385 } 3386 3387 return buflen; 3388 } 3389 #endif /* REFCLOCK */ 3390 3391 3392 #ifdef HAVE_PACKET_TIMESTAMP 3393 /* 3394 * extract timestamps from control message buffer 3395 */ 3396 static l_fp 3397 fetch_timestamp( 3398 struct recvbuf * rb, 3399 struct msghdr * msghdr, 3400 l_fp ts 3401 ) 3402 { 3403 struct cmsghdr * cmsghdr; 3404 unsigned long ticks; 3405 double fuzz; 3406 l_fp lfpfuzz; 3407 l_fp nts; 3408 #ifdef DEBUG_TIMING 3409 l_fp dts; 3410 #endif 3411 3412 cmsghdr = CMSG_FIRSTHDR(msghdr); 3413 while (cmsghdr != NULL) { 3414 switch (cmsghdr->cmsg_type) 3415 { 3416 #ifdef HAVE_BINTIME 3417 case SCM_BINTIME: 3418 #endif /* HAVE_BINTIME */ 3419 #ifdef HAVE_TIMESTAMPNS 3420 case SCM_TIMESTAMPNS: 3421 #endif /* HAVE_TIMESTAMPNS */ 3422 #ifdef HAVE_TIMESTAMP 3423 case SCM_TIMESTAMP: 3424 #endif /* HAVE_TIMESTAMP */ 3425 #if defined(HAVE_BINTIME) || defined (HAVE_TIMESTAMPNS) || defined(HAVE_TIMESTAMP) 3426 switch (cmsghdr->cmsg_type) 3427 { 3428 #ifdef HAVE_BINTIME 3429 case SCM_BINTIME: 3430 { 3431 struct bintime pbt; 3432 memcpy(&pbt, CMSG_DATA(cmsghdr), sizeof(pbt)); 3433 /* 3434 * bintime documentation is at http://phk.freebsd.dk/pubs/timecounter.pdf 3435 */ 3436 nts.l_i = pbt.sec + JAN_1970; 3437 nts.l_uf = (u_int32)(pbt.frac >> 32); 3438 if (sys_tick > measured_tick && 3439 sys_tick > 1e-9) { 3440 ticks = (unsigned long)(nts.l_uf / (unsigned long)(sys_tick * FRAC)); 3441 nts.l_uf = (unsigned long)(ticks * (unsigned long)(sys_tick * FRAC)); 3442 } 3443 DPRINTF(4, ("fetch_timestamp: system bintime network time stamp: %ld.%09lu\n", 3444 (long)pbt.sec, (u_long)((nts.l_uf / FRAC) * 1e9))); 3445 } 3446 break; 3447 #endif /* HAVE_BINTIME */ 3448 #ifdef HAVE_TIMESTAMPNS 3449 case SCM_TIMESTAMPNS: 3450 { 3451 struct timespec pts; 3452 memcpy(&pts, CMSG_DATA(cmsghdr), sizeof(pts)); 3453 if (sys_tick > measured_tick && 3454 sys_tick > 1e-9) { 3455 ticks = (unsigned long)((pts.tv_nsec * 1e-9) / 3456 sys_tick); 3457 pts.tv_nsec = (long)(ticks * 1e9 * 3458 sys_tick); 3459 } 3460 DPRINTF(4, ("fetch_timestamp: system nsec network time stamp: %ld.%09ld\n", 3461 pts.tv_sec, pts.tv_nsec)); 3462 nts = tspec_stamp_to_lfp(pts); 3463 } 3464 break; 3465 #endif /* HAVE_TIMESTAMPNS */ 3466 #ifdef HAVE_TIMESTAMP 3467 case SCM_TIMESTAMP: 3468 { 3469 struct timeval ptv; 3470 memcpy(&ptv, CMSG_DATA(cmsghdr), sizeof(ptv)); 3471 if (sys_tick > measured_tick && 3472 sys_tick > 1e-6) { 3473 ticks = (unsigned long)((ptv.tv_usec * 1e-6) / 3474 sys_tick); 3475 ptv.tv_usec = (long)(ticks * 1e6 * 3476 sys_tick); 3477 } 3478 DPRINTF(4, ("fetch_timestamp: system usec network time stamp: %jd.%06ld\n", 3479 (intmax_t)ptv.tv_sec, (long)ptv.tv_usec)); 3480 nts = tval_stamp_to_lfp(ptv); 3481 } 3482 break; 3483 #endif /* HAVE_TIMESTAMP */ 3484 } 3485 fuzz = ntp_uurandom() * sys_fuzz; 3486 DTOLFP(fuzz, &lfpfuzz); 3487 L_ADD(&nts, &lfpfuzz); 3488 #ifdef DEBUG_TIMING 3489 dts = ts; 3490 L_SUB(&dts, &nts); 3491 collect_timing(rb, "input processing delay", 1, 3492 &dts); 3493 DPRINTF(4, ("fetch_timestamp: timestamp delta: %s (incl. fuzz)\n", 3494 lfptoa(&dts, 9))); 3495 #endif /* DEBUG_TIMING */ 3496 ts = nts; /* network time stamp */ 3497 break; 3498 #endif /* HAVE_BINTIME || HAVE_TIMESTAMPNS || HAVE_TIMESTAMP */ 3499 3500 default: 3501 DPRINTF(4, ("fetch_timestamp: skipping control message 0x%x\n", 3502 cmsghdr->cmsg_type)); 3503 } 3504 cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr); 3505 } 3506 return ts; 3507 } 3508 #endif /* HAVE_PACKET_TIMESTAMP */ 3509 3510 3511 /* 3512 * Routine to read the network NTP packets for a specific interface 3513 * Return the number of bytes read. That way we know if we should 3514 * read it again or go on to the next one if no bytes returned 3515 */ 3516 static inline int 3517 read_network_packet( 3518 SOCKET fd, 3519 endpt * itf, 3520 l_fp ts 3521 ) 3522 { 3523 GETSOCKNAME_SOCKLEN_TYPE fromlen; 3524 int buflen; 3525 register struct recvbuf *rb; 3526 #ifdef HAVE_PACKET_TIMESTAMP 3527 struct msghdr msghdr; 3528 struct iovec iovec; 3529 char control[CMSG_BUFSIZE]; 3530 #endif 3531 3532 /* 3533 * Get a buffer and read the frame. If we haven't got a buffer, 3534 * or this is received on a disallowed socket, just dump the 3535 * packet. 3536 */ 3537 3538 rb = itf->ignore_packets ? NULL : get_free_recv_buffer(FALSE); 3539 if (NULL == rb) { 3540 /* A partial read on a UDP socket truncates the data and 3541 * removes the message from the queue. So there's no 3542 * need to have a full buffer here on the stack. 3543 */ 3544 char buf[16]; 3545 sockaddr_u from; 3546 3547 if (rb != NULL) 3548 freerecvbuf(rb); 3549 3550 fromlen = sizeof(from); 3551 buflen = recvfrom(fd, buf, sizeof(buf), 0, 3552 &from.sa, &fromlen); 3553 DPRINTF(4, ("%s on (%lu) fd=%d from %s\n", 3554 (itf->ignore_packets) 3555 ? "ignore" 3556 : "drop", 3557 free_recvbuffs(), fd, stoa(&from))); 3558 if (itf->ignore_packets) 3559 packets_ignored++; 3560 else 3561 packets_dropped++; 3562 return (buflen); 3563 } 3564 3565 fromlen = sizeof(rb->recv_srcadr); 3566 3567 #ifndef HAVE_PACKET_TIMESTAMP 3568 rb->recv_length = recvfrom(fd, (char *)&rb->recv_space, 3569 sizeof(rb->recv_space), 0, 3570 &rb->recv_srcadr.sa, &fromlen); 3571 #else 3572 iovec.iov_base = &rb->recv_space; 3573 iovec.iov_len = sizeof(rb->recv_space); 3574 msghdr.msg_name = &rb->recv_srcadr; 3575 msghdr.msg_namelen = fromlen; 3576 msghdr.msg_iov = &iovec; 3577 msghdr.msg_iovlen = 1; 3578 msghdr.msg_control = (void *)&control; 3579 msghdr.msg_controllen = sizeof(control); 3580 msghdr.msg_flags = 0; 3581 rb->recv_length = recvmsg(fd, &msghdr, 0); 3582 #endif 3583 3584 buflen = rb->recv_length; 3585 3586 if (buflen == 0 || (buflen == -1 && 3587 (EWOULDBLOCK == errno 3588 #ifdef EAGAIN 3589 || EAGAIN == errno 3590 #endif 3591 ))) { 3592 freerecvbuf(rb); 3593 return (buflen); 3594 } else if (buflen < 0) { 3595 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: %m", 3596 stoa(&rb->recv_srcadr), fd); 3597 DPRINTF(5, ("read_network_packet: fd=%d dropped (bad recvfrom)\n", 3598 fd)); 3599 freerecvbuf(rb); 3600 return (buflen); 3601 } 3602 3603 DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n", 3604 fd, buflen, stoa(&rb->recv_srcadr))); 3605 3606 #ifdef ENABLE_BUG3020_FIX 3607 if (ISREFCLOCKADR(&rb->recv_srcadr)) { 3608 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: refclock srcadr on a network interface!", 3609 stoa(&rb->recv_srcadr), fd); 3610 DPRINTF(1, ("read_network_packet: fd=%d dropped (refclock srcadr))\n", 3611 fd)); 3612 packets_dropped++; 3613 freerecvbuf(rb); 3614 return (buflen); 3615 } 3616 #endif 3617 3618 /* 3619 ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1 3620 */ 3621 3622 if ( IS_IPV6(&rb->recv_srcadr) 3623 && IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) 3624 && !(INT_LOOPBACK & itf->flags)) { 3625 3626 packets_dropped++; 3627 DPRINTF(2, ("DROPPING pkt with spoofed ::1 source on %s\n", latoa(itf))); 3628 freerecvbuf(rb); 3629 return -1; 3630 } 3631 3632 /* 3633 * Got one. Mark how and when it got here, 3634 * put it on the full list and do bookkeeping. 3635 */ 3636 rb->dstadr = itf; 3637 rb->fd = fd; 3638 #ifdef HAVE_PACKET_TIMESTAMP 3639 /* pick up a network time stamp if possible */ 3640 ts = fetch_timestamp(rb, &msghdr, ts); 3641 #endif 3642 rb->recv_time = ts; 3643 rb->receiver = receive; 3644 3645 add_full_recv_buffer(rb); 3646 3647 itf->received++; 3648 packets_received++; 3649 return (buflen); 3650 } 3651 3652 /* 3653 * attempt to handle io (select()/signaled IO) 3654 */ 3655 void 3656 io_handler(void) 3657 { 3658 # ifndef HAVE_SIGNALED_IO 3659 fd_set rdfdes; 3660 int nfound; 3661 3662 /* 3663 * Use select() on all on all input fd's for unlimited 3664 * time. select() will terminate on SIGALARM or on the 3665 * reception of input. Using select() means we can't do 3666 * robust signal handling and we get a potential race 3667 * between checking for alarms and doing the select(). 3668 * Mostly harmless, I think. 3669 */ 3670 /* 3671 * On VMS, I suspect that select() can't be interrupted 3672 * by a "signal" either, so I take the easy way out and 3673 * have select() time out after one second. 3674 * System clock updates really aren't time-critical, 3675 * and - lacking a hardware reference clock - I have 3676 * yet to learn about anything else that is. 3677 */ 3678 ++handler_calls; 3679 rdfdes = activefds; 3680 # if !defined(VMS) && !defined(SYS_VXWORKS) 3681 nfound = select(maxactivefd + 1, &rdfdes, NULL, 3682 NULL, NULL); 3683 # else /* VMS, VxWorks */ 3684 /* make select() wake up after one second */ 3685 { 3686 struct timeval t1; 3687 t1.tv_sec = 1; 3688 t1.tv_usec = 0; 3689 nfound = select(maxactivefd + 1, 3690 &rdfdes, NULL, NULL, 3691 &t1); 3692 } 3693 # endif /* VMS, VxWorks */ 3694 if (nfound < 0 && sanitize_fdset(errno)) { 3695 struct timeval t1; 3696 t1.tv_sec = 0; 3697 t1.tv_usec = 0; 3698 rdfdes = activefds; 3699 nfound = select(maxactivefd + 1, 3700 &rdfdes, NULL, NULL, 3701 &t1); 3702 } 3703 3704 if (nfound > 0) { 3705 l_fp ts; 3706 3707 get_systime(&ts); 3708 3709 input_handler_scan(&ts, &rdfdes); 3710 } else if (nfound == -1 && errno != EINTR) { 3711 msyslog(LOG_ERR, "select() error: %m"); 3712 } 3713 # ifdef DEBUG 3714 else if (debug > 4) { 3715 msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound); 3716 } else { 3717 DPRINTF(3, ("select() returned %d: %m\n", nfound)); 3718 } 3719 # endif /* DEBUG */ 3720 # else /* HAVE_SIGNALED_IO */ 3721 wait_for_signal(); 3722 # endif /* HAVE_SIGNALED_IO */ 3723 } 3724 3725 #ifdef HAVE_SIGNALED_IO 3726 /* 3727 * input_handler - receive packets asynchronously 3728 * 3729 * ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed! 3730 */ 3731 static RETSIGTYPE 3732 input_handler( 3733 l_fp * cts 3734 ) 3735 { 3736 int n; 3737 struct timeval tvzero; 3738 fd_set fds; 3739 3740 ++handler_calls; 3741 3742 /* 3743 * Do a poll to see who has data 3744 */ 3745 3746 fds = activefds; 3747 tvzero.tv_sec = tvzero.tv_usec = 0; 3748 3749 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); 3750 if (n < 0 && sanitize_fdset(errno)) { 3751 fds = activefds; 3752 tvzero.tv_sec = tvzero.tv_usec = 0; 3753 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); 3754 } 3755 if (n > 0) 3756 input_handler_scan(cts, &fds); 3757 } 3758 #endif /* HAVE_SIGNALED_IO */ 3759 3760 3761 /* 3762 * Try to sanitize the global FD set 3763 * 3764 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise 3765 */ 3766 static int/*BOOL*/ 3767 sanitize_fdset( 3768 int errc 3769 ) 3770 { 3771 int j, b, maxscan; 3772 3773 # ifndef HAVE_SIGNALED_IO 3774 /* 3775 * extended FAU debugging output 3776 */ 3777 if (errc != EINTR) { 3778 msyslog(LOG_ERR, 3779 "select(%d, %s, 0L, 0L, &0.0) error: %m", 3780 maxactivefd + 1, 3781 fdbits(maxactivefd, &activefds)); 3782 } 3783 # endif 3784 3785 if (errc != EBADF) 3786 return FALSE; 3787 3788 /* if we have oviously bad FDs, try to sanitize the FD set. */ 3789 for (j = 0, maxscan = 0; j <= maxactivefd; j++) { 3790 if (FD_ISSET(j, &activefds)) { 3791 if (-1 != read(j, &b, 0)) { 3792 maxscan = j; 3793 continue; 3794 } 3795 # ifndef HAVE_SIGNALED_IO 3796 msyslog(LOG_ERR, 3797 "Removing bad file descriptor %d from select set", 3798 j); 3799 # endif 3800 FD_CLR(j, &activefds); 3801 } 3802 } 3803 if (maxactivefd != maxscan) 3804 maxactivefd = maxscan; 3805 return TRUE; 3806 } 3807 3808 /* 3809 * scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'. 3810 * 3811 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise 3812 */ 3813 static void 3814 input_handler_scan( 3815 const l_fp * cts, 3816 const fd_set * pfds 3817 ) 3818 { 3819 int buflen; 3820 u_int idx; 3821 int doing; 3822 SOCKET fd; 3823 blocking_child *c; 3824 l_fp ts; /* Timestamp at BOselect() gob */ 3825 3826 #if defined(DEBUG_TIMING) 3827 l_fp ts_e; /* Timestamp at EOselect() gob */ 3828 #endif 3829 endpt * ep; 3830 #ifdef REFCLOCK 3831 struct refclockio *rp; 3832 int saved_errno; 3833 const char * clk; 3834 #endif 3835 #ifdef HAS_ROUTING_SOCKET 3836 struct asyncio_reader * asyncio_reader; 3837 struct asyncio_reader * next_asyncio_reader; 3838 #endif 3839 3840 ++handler_pkts; 3841 ts = *cts; 3842 3843 #ifdef REFCLOCK 3844 /* 3845 * Check out the reference clocks first, if any 3846 */ 3847 3848 for (rp = refio; rp != NULL; rp = rp->next) { 3849 fd = rp->fd; 3850 3851 if (!FD_ISSET(fd, pfds)) 3852 continue; 3853 buflen = read_refclock_packet(fd, rp, ts); 3854 /* 3855 * The first read must succeed after select() indicates 3856 * readability, or we've reached a permanent EOF. 3857 * http://bugs.ntp.org/1732 reported ntpd munching CPU 3858 * after a USB GPS was unplugged because select was 3859 * indicating EOF but ntpd didn't remove the descriptor 3860 * from the activefds set. 3861 */ 3862 if (buflen < 0 && EAGAIN != errno) { 3863 saved_errno = errno; 3864 clk = refnumtoa(&rp->srcclock->srcadr); 3865 errno = saved_errno; 3866 msyslog(LOG_ERR, "%s read: %m", clk); 3867 maintain_activefds(fd, TRUE); 3868 } else if (0 == buflen) { 3869 clk = refnumtoa(&rp->srcclock->srcadr); 3870 msyslog(LOG_ERR, "%s read EOF", clk); 3871 maintain_activefds(fd, TRUE); 3872 } else { 3873 /* drain any remaining refclock input */ 3874 do { 3875 buflen = read_refclock_packet(fd, rp, ts); 3876 } while (buflen > 0); 3877 } 3878 } 3879 #endif /* REFCLOCK */ 3880 3881 /* 3882 * Loop through the interfaces looking for data to read. 3883 */ 3884 for (ep = ep_list; ep != NULL; ep = ep->elink) { 3885 for (doing = 0; doing < 2; doing++) { 3886 if (!doing) { 3887 fd = ep->fd; 3888 } else { 3889 if (!(ep->flags & INT_BCASTOPEN)) 3890 break; 3891 fd = ep->bfd; 3892 } 3893 if (fd < 0) 3894 continue; 3895 if (FD_ISSET(fd, pfds)) 3896 do { 3897 buflen = read_network_packet( 3898 fd, ep, ts); 3899 } while (buflen > 0); 3900 /* Check more interfaces */ 3901 } 3902 } 3903 3904 #ifdef HAS_ROUTING_SOCKET 3905 /* 3906 * scan list of asyncio readers - currently only used for routing sockets 3907 */ 3908 asyncio_reader = asyncio_reader_list; 3909 3910 while (asyncio_reader != NULL) { 3911 /* callback may unlink and free asyncio_reader */ 3912 next_asyncio_reader = asyncio_reader->link; 3913 if (FD_ISSET(asyncio_reader->fd, pfds)) 3914 (*asyncio_reader->receiver)(asyncio_reader); 3915 asyncio_reader = next_asyncio_reader; 3916 } 3917 #endif /* HAS_ROUTING_SOCKET */ 3918 3919 /* 3920 * Check for a response from a blocking child 3921 */ 3922 for (idx = 0; idx < blocking_children_alloc; idx++) { 3923 c = blocking_children[idx]; 3924 if (NULL == c || -1 == c->resp_read_pipe) 3925 continue; 3926 if (FD_ISSET(c->resp_read_pipe, pfds)) { 3927 ++c->resp_ready_seen; 3928 ++blocking_child_ready_seen; 3929 } 3930 } 3931 3932 /* We've done our work */ 3933 #if defined(DEBUG_TIMING) 3934 get_systime(&ts_e); 3935 /* 3936 * (ts_e - ts) is the amount of time we spent 3937 * processing this gob of file descriptors. Log 3938 * it. 3939 */ 3940 L_SUB(&ts_e, &ts); 3941 collect_timing(NULL, "input handler", 1, &ts_e); 3942 if (debug > 3) 3943 msyslog(LOG_DEBUG, 3944 "input_handler: Processed a gob of fd's in %s msec", 3945 lfptoms(&ts_e, 6)); 3946 #endif /* DEBUG_TIMING */ 3947 } 3948 #endif /* !HAVE_IO_COMPLETION_PORT */ 3949 3950 /* 3951 * find an interface suitable for the src address 3952 */ 3953 endpt * 3954 select_peerinterface( 3955 struct peer * peer, 3956 sockaddr_u * srcadr, 3957 endpt * dstadr 3958 ) 3959 { 3960 endpt *ep; 3961 #ifndef SIM 3962 endpt *wild; 3963 3964 wild = ANY_INTERFACE_CHOOSE(srcadr); 3965 3966 /* 3967 * Initialize the peer structure and dance the interface jig. 3968 * Reference clocks step the loopback waltz, the others 3969 * squaredance around the interface list looking for a buddy. If 3970 * the dance peters out, there is always the wildcard interface. 3971 * This might happen in some systems and would preclude proper 3972 * operation with public key cryptography. 3973 */ 3974 if (ISREFCLOCKADR(srcadr)) { 3975 ep = loopback_interface; 3976 } else if (peer->cast_flags & 3977 (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) { 3978 ep = findbcastinter(srcadr); 3979 if (ep != NULL) 3980 DPRINTF(4, ("Found *-cast interface %s for address %s\n", 3981 stoa(&ep->sin), stoa(srcadr))); 3982 else 3983 DPRINTF(4, ("No *-cast local address found for address %s\n", 3984 stoa(srcadr))); 3985 } else { 3986 ep = dstadr; 3987 if (NULL == ep) { 3988 ep = wild; 3989 } 3990 } 3991 /* 3992 * If it is a multicast address, findbcastinter() may not find 3993 * it. For unicast, we get to find the interface when dstadr is 3994 * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either 3995 * way, try a little harder. 3996 */ 3997 if (wild == ep) { 3998 ep = findinterface(srcadr); 3999 } 4000 /* 4001 * we do not bind to the wildcard interfaces for output 4002 * as our (network) source address would be undefined and 4003 * crypto will not work without knowing the own transmit address 4004 */ 4005 if (ep != NULL && (INT_WILDCARD & ep->flags)) { 4006 if (!accept_wildcard_if_for_winnt) { 4007 ep = NULL; 4008 } 4009 } 4010 #else /* SIM follows */ 4011 ep = loopback_interface; 4012 #endif 4013 4014 return ep; 4015 } 4016 4017 4018 /* 4019 * findinterface - find local interface corresponding to address 4020 */ 4021 endpt * 4022 findinterface( 4023 sockaddr_u *addr 4024 ) 4025 { 4026 endpt *iface; 4027 4028 iface = findlocalinterface(addr, INT_WILDCARD, 0); 4029 4030 if (NULL == iface) { 4031 DPRINTF(4, ("Found no interface for address %s - returning wildcard\n", 4032 stoa(addr))); 4033 4034 iface = ANY_INTERFACE_CHOOSE(addr); 4035 } else 4036 DPRINTF(4, ("Found interface #%d %s for address %s\n", 4037 iface->ifnum, iface->name, stoa(addr))); 4038 4039 return iface; 4040 } 4041 4042 /* 4043 * findlocalinterface - find local interface corresponding to addr, 4044 * which does not have any of flags set. If bcast is nonzero, addr is 4045 * a broadcast address. 4046 * 4047 * This code attempts to find the local sending address for an outgoing 4048 * address by connecting a new socket to destinationaddress:NTP_PORT 4049 * and reading the sockname of the resulting connect. 4050 * the complicated sequence simulates the routing table lookup 4051 * for to first hop without duplicating any of the routing logic into 4052 * ntpd. preferably we would have used an API call - but its not there - 4053 * so this is the best we can do here short of duplicating to entire routing 4054 * logic in ntpd which would be a silly and really unportable thing to do. 4055 * 4056 */ 4057 static endpt * 4058 findlocalinterface( 4059 sockaddr_u * addr, 4060 int flags, 4061 int bcast 4062 ) 4063 { 4064 GETSOCKNAME_SOCKLEN_TYPE sockaddrlen; 4065 endpt * iface; 4066 sockaddr_u saddr; 4067 SOCKET s; 4068 int rtn; 4069 int on; 4070 4071 DPRINTF(4, ("Finding interface for addr %s in list of addresses\n", 4072 stoa(addr))); 4073 4074 /* [Bug 3437] The prototype POOL peer can be AF_UNSPEC. 4075 * This is bound to fail, but on the way to nowhere it 4076 * triggers a security incident on SELinux. 4077 * 4078 * Checking the condition and failing early is probably good 4079 * advice, and even saves us some syscalls in that case. 4080 * Thanks to Miroslav Lichvar for finding this. 4081 */ 4082 if (AF_UNSPEC == AF(addr)) { 4083 return NULL; 4084 } 4085 s = socket(AF(addr), SOCK_DGRAM, 0); 4086 if (INVALID_SOCKET == s) { 4087 return NULL; 4088 } 4089 /* 4090 * If we are looking for broadcast interface we need to set this 4091 * socket to allow broadcast 4092 */ 4093 if (bcast) { 4094 on = 1; 4095 if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET, 4096 SO_BROADCAST, 4097 (void *)&on, 4098 sizeof(on))) { 4099 closesocket(s); 4100 return NULL; 4101 } 4102 } 4103 4104 rtn = connect(s, &addr->sa, SOCKLEN(addr)); 4105 if (SOCKET_ERROR == rtn) { 4106 closesocket(s); 4107 return NULL; 4108 } 4109 4110 sockaddrlen = sizeof(saddr); 4111 rtn = getsockname(s, &saddr.sa, &sockaddrlen); 4112 closesocket(s); 4113 if (SOCKET_ERROR == rtn) 4114 return NULL; 4115 4116 DPRINTF(4, ("findlocalinterface: kernel maps %s to %s\n", 4117 stoa(addr), stoa(&saddr))); 4118 4119 iface = getinterface(&saddr, flags); 4120 4121 /* 4122 * if we didn't find an exact match on saddr, find the closest 4123 * available local address. This handles the case of the 4124 * address suggested by the kernel being excluded by nic rules 4125 * or the user's -I and -L options to ntpd. 4126 * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683 4127 * for more background. 4128 */ 4129 if (NULL == iface || iface->ignore_packets) { 4130 iface = findclosestinterface(&saddr, 4131 flags | INT_LOOPBACK); 4132 } 4133 /* 4134 * Don't select an interface which will ignore replies, or one 4135 * dedicated to multicast receive. 4136 */ 4137 if ( iface != NULL 4138 && (iface->ignore_packets || (INT_MCASTIF & iface->flags))) { 4139 iface = NULL; 4140 } 4141 return iface; 4142 } 4143 4144 4145 /* 4146 * findclosestinterface 4147 * 4148 * If there are -I/--interface or -L/novirtualips command-line options, 4149 * or "nic" or "interface" rules in ntp.conf, findlocalinterface() may 4150 * find the kernel's preferred local address for a given peer address is 4151 * administratively unavailable to ntpd, and punt to this routine's more 4152 * expensive search. 4153 * 4154 * Find the numerically closest local address to the one connect() 4155 * suggested. This matches an address on the same subnet first, as 4156 * needed by Bug 1184, and provides a consistent choice if there are 4157 * multiple feasible local addresses, regardless of the order ntpd 4158 * enumerated them. 4159 */ 4160 endpt * 4161 findclosestinterface( 4162 sockaddr_u * addr, 4163 int flags 4164 ) 4165 { 4166 endpt * ep; 4167 endpt * winner; 4168 sockaddr_u addr_dist; 4169 sockaddr_u min_dist; 4170 4171 ZERO_SOCK(&min_dist); 4172 winner = NULL; 4173 4174 for (ep = ep_list; ep != NULL; ep = ep->elink) { 4175 if (ep->ignore_packets || 4176 AF(addr) != ep->family || 4177 flags & ep->flags) 4178 continue; 4179 4180 calc_addr_distance(&addr_dist, addr, &ep->sin); 4181 if (NULL == winner || 4182 -1 == cmp_addr_distance(&addr_dist, &min_dist)) { 4183 min_dist = addr_dist; 4184 winner = ep; 4185 } 4186 } 4187 if (NULL == winner) 4188 DPRINTF(4, ("findclosestinterface(%s) failed\n", 4189 stoa(addr))); 4190 else 4191 DPRINTF(4, ("findclosestinterface(%s) -> %s\n", 4192 stoa(addr), stoa(&winner->sin))); 4193 4194 return winner; 4195 } 4196 4197 4198 /* 4199 * calc_addr_distance - calculate the distance between two addresses, 4200 * the absolute value of the difference between 4201 * the addresses numerically, stored as an address. 4202 */ 4203 static void 4204 calc_addr_distance( 4205 sockaddr_u * dist, 4206 const sockaddr_u * a1, 4207 const sockaddr_u * a2 4208 ) 4209 { 4210 u_char * pdist; 4211 const u_char * p1; 4212 const u_char * p2; 4213 size_t cb; 4214 int different; 4215 int a1_greater; 4216 u_int u; 4217 4218 REQUIRE(AF(a1) == AF(a2)); 4219 4220 ZERO_SOCK(dist); 4221 AF(dist) = AF(a1); 4222 4223 if (IS_IPV4(a1)) { 4224 pdist = ( u_char *)&NSRCADR(dist); 4225 p1 = (const u_char *)&NSRCADR(a1); 4226 p2 = (const u_char *)&NSRCADR(a2); 4227 } else { 4228 pdist = ( u_char *)&NSRCADR(dist); 4229 p1 = (const u_char *)&NSRCADR(a1); 4230 p2 = (const u_char *)&NSRCADR(a2); 4231 } 4232 cb = SIZEOF_INADDR(AF(dist)); 4233 different = FALSE; 4234 a1_greater = FALSE; 4235 for (u = 0; u < cb; u++) { 4236 if (!different && p1[u] != p2[u]) { 4237 a1_greater = (p1[u] > p2[u]); 4238 different = TRUE; 4239 } 4240 if (a1_greater) { 4241 pdist[u] = p1[u] - p2[u]; 4242 } else { 4243 pdist[u] = p2[u] - p1[u]; 4244 } 4245 } 4246 } 4247 4248 4249 /* 4250 * cmp_addr_distance - compare two address distances, returning -1, 0, 4251 * 1 to indicate their relationship. 4252 */ 4253 static int 4254 cmp_addr_distance( 4255 const sockaddr_u * d1, 4256 const sockaddr_u * d2 4257 ) 4258 { 4259 int i; 4260 4261 REQUIRE(AF(d1) == AF(d2)); 4262 4263 if (IS_IPV4(d1)) { 4264 if (SRCADR(d1) < SRCADR(d2)) 4265 return -1; 4266 else if (SRCADR(d1) == SRCADR(d2)) 4267 return 0; 4268 else 4269 return 1; 4270 } 4271 4272 for (i = 0; i < (int)sizeof(NSRCADR6(d1)); i++) { 4273 if (NSRCADR6(d1)[i] < NSRCADR6(d2)[i]) 4274 return -1; 4275 else if (NSRCADR6(d1)[i] > NSRCADR6(d2)[i]) 4276 return 1; 4277 } 4278 4279 return 0; 4280 } 4281 4282 4283 4284 /* 4285 * fetch an interface structure the matches the 4286 * address and has the given flags NOT set 4287 */ 4288 endpt * 4289 getinterface( 4290 sockaddr_u * addr, 4291 u_int32 flags 4292 ) 4293 { 4294 endpt *iface; 4295 4296 iface = find_addr_in_list(addr); 4297 4298 if (iface != NULL && (iface->flags & flags)) 4299 iface = NULL; 4300 4301 return iface; 4302 } 4303 4304 4305 /* 4306 * findbcastinter - find broadcast interface corresponding to address 4307 */ 4308 endpt * 4309 findbcastinter( 4310 sockaddr_u *addr 4311 ) 4312 { 4313 endpt * iface; 4314 4315 iface = NULL; 4316 #if !defined(MPE) && (defined(SIOCGIFCONF) || defined(SYS_WINNT)) 4317 DPRINTF(4, ("Finding broadcast/multicast interface for addr %s in list of addresses\n", 4318 stoa(addr))); 4319 4320 iface = findlocalinterface(addr, INT_LOOPBACK | INT_WILDCARD, 4321 1); 4322 if (iface != NULL) { 4323 DPRINTF(4, ("Easily found bcast-/mcast- interface index #%d %s\n", 4324 iface->ifnum, iface->name)); 4325 return iface; 4326 } 4327 4328 /* 4329 * plan B - try to find something reasonable in our lists in 4330 * case kernel lookup doesn't help 4331 */ 4332 for (iface = ep_list; iface != NULL; iface = iface->elink) { 4333 if (iface->flags & INT_WILDCARD) 4334 continue; 4335 4336 /* Don't bother with ignored interfaces */ 4337 if (iface->ignore_packets) 4338 continue; 4339 4340 /* 4341 * First look if this is the correct family 4342 */ 4343 if(AF(&iface->sin) != AF(addr)) 4344 continue; 4345 4346 /* Skip the loopback addresses */ 4347 if (iface->flags & INT_LOOPBACK) 4348 continue; 4349 4350 /* 4351 * If we are looking to match a multicast address and 4352 * this interface is one... 4353 */ 4354 if (addr_ismulticast(addr) 4355 && (iface->flags & INT_MULTICAST)) { 4356 #ifdef INCLUDE_IPV6_SUPPORT 4357 /* 4358 * ...it is the winner unless we're looking for 4359 * an interface to use for link-local multicast 4360 * and its address is not link-local. 4361 */ 4362 if (IS_IPV6(addr) 4363 && IN6_IS_ADDR_MC_LINKLOCAL(PSOCK_ADDR6(addr)) 4364 && !IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&iface->sin))) 4365 continue; 4366 #endif 4367 break; 4368 } 4369 4370 /* 4371 * We match only those interfaces marked as 4372 * broadcastable and either the explicit broadcast 4373 * address or the network portion of the IP address. 4374 * Sloppy. 4375 */ 4376 if (IS_IPV4(addr)) { 4377 if (SOCK_EQ(&iface->bcast, addr)) 4378 break; 4379 4380 if ((NSRCADR(&iface->sin) & NSRCADR(&iface->mask)) 4381 == (NSRCADR(addr) & NSRCADR(&iface->mask))) 4382 break; 4383 } 4384 #ifdef INCLUDE_IPV6_SUPPORT 4385 else if (IS_IPV6(addr)) { 4386 if (SOCK_EQ(&iface->bcast, addr)) 4387 break; 4388 4389 if (SOCK_EQ(netof(&iface->sin), netof(addr))) 4390 break; 4391 } 4392 #endif 4393 } 4394 #endif /* SIOCGIFCONF */ 4395 if (NULL == iface) { 4396 DPRINTF(4, ("No bcast interface found for %s\n", 4397 stoa(addr))); 4398 iface = ANY_INTERFACE_CHOOSE(addr); 4399 } else { 4400 DPRINTF(4, ("Found bcast-/mcast- interface index #%d %s\n", 4401 iface->ifnum, iface->name)); 4402 } 4403 4404 return iface; 4405 } 4406 4407 4408 /* 4409 * io_clr_stats - clear I/O module statistics 4410 */ 4411 void 4412 io_clr_stats(void) 4413 { 4414 packets_dropped = 0; 4415 packets_ignored = 0; 4416 packets_received = 0; 4417 packets_sent = 0; 4418 packets_notsent = 0; 4419 4420 handler_calls = 0; 4421 handler_pkts = 0; 4422 io_timereset = current_time; 4423 } 4424 4425 4426 #ifdef REFCLOCK 4427 /* 4428 * io_addclock - add a reference clock to the list and arrange that we 4429 * get SIGIO interrupts from it. 4430 */ 4431 int 4432 io_addclock( 4433 struct refclockio *rio 4434 ) 4435 { 4436 BLOCKIO(); 4437 4438 /* 4439 * Stuff the I/O structure in the list and mark the descriptor 4440 * in use. There is a harmless (I hope) race condition here. 4441 */ 4442 rio->active = TRUE; 4443 4444 # ifdef HAVE_SIGNALED_IO 4445 if (init_clock_sig(rio)) { 4446 UNBLOCKIO(); 4447 return 0; 4448 } 4449 # elif defined(HAVE_IO_COMPLETION_PORT) 4450 if (!io_completion_port_add_clock_io(rio)) { 4451 UNBLOCKIO(); 4452 return 0; 4453 } 4454 # endif 4455 4456 /* 4457 * enqueue 4458 */ 4459 LINK_SLIST(refio, rio, next); 4460 4461 /* 4462 * register fd 4463 */ 4464 add_fd_to_list(rio->fd, FD_TYPE_FILE); 4465 4466 UNBLOCKIO(); 4467 return 1; 4468 } 4469 4470 4471 /* 4472 * io_closeclock - close the clock in the I/O structure given 4473 */ 4474 void 4475 io_closeclock( 4476 struct refclockio *rio 4477 ) 4478 { 4479 struct refclockio *unlinked; 4480 4481 BLOCKIO(); 4482 4483 /* 4484 * Remove structure from the list 4485 */ 4486 rio->active = FALSE; 4487 UNLINK_SLIST(unlinked, refio, rio, next, struct refclockio); 4488 if (NULL != unlinked) { 4489 /* Close the descriptor. The order of operations is 4490 * important here in case of async / overlapped IO: 4491 * only after we have removed the clock from the 4492 * IO completion port we can be sure no further 4493 * input is queued. So... 4494 * - we first disable feeding to the queu by removing 4495 * the clock from the IO engine 4496 * - close the file (which brings down any IO on it) 4497 * - clear the buffer from results for this fd 4498 */ 4499 # ifdef HAVE_IO_COMPLETION_PORT 4500 io_completion_port_remove_clock_io(rio); 4501 # endif 4502 close_and_delete_fd_from_list(rio->fd, NULL); 4503 purge_recv_buffers_for_fd(rio->fd); 4504 rio->fd = -1; 4505 } 4506 4507 UNBLOCKIO(); 4508 } 4509 #endif /* REFCLOCK */ 4510 4511 4512 /* 4513 * On NT a SOCKET is an unsigned int so we cannot possibly keep it in 4514 * an array. So we use one of the ISC_LIST functions to hold the 4515 * socket value and use that when we want to enumerate it. 4516 * 4517 * This routine is called by the forked intres child process to close 4518 * all open sockets. On Windows there's no need as intres runs in 4519 * the same process as a thread. 4520 */ 4521 #ifndef SYS_WINNT 4522 void 4523 kill_asyncio( 4524 int startfd 4525 ) 4526 { 4527 BLOCKIO(); 4528 4529 /* 4530 * In the child process we do not maintain activefds and 4531 * maxactivefd. Zeroing maxactivefd disables code which 4532 * maintains it in close_and_delete_fd_from_list(). 4533 */ 4534 maxactivefd = 0; 4535 4536 while (fd_list != NULL) 4537 close_and_delete_fd_from_list(fd_list->fd, NULL); 4538 4539 UNBLOCKIO(); 4540 } 4541 #endif /* !SYS_WINNT */ 4542 4543 4544 /* 4545 * Add and delete functions for the list of input file descriptors 4546 */ 4547 static void 4548 add_fd_to_list( 4549 SOCKET fd, 4550 enum desc_type type 4551 ) 4552 { 4553 vsock_t *lsock = emalloc(sizeof(*lsock)); 4554 4555 lsock->fd = fd; 4556 lsock->type = type; 4557 4558 LINK_SLIST(fd_list, lsock, link); 4559 maintain_activefds(fd, 0); 4560 } 4561 4562 4563 static void 4564 close_and_delete_fd_from_list( 4565 SOCKET fd, 4566 endpt *ep /* req. if fd is in struct endpt */ 4567 ) 4568 { 4569 vsock_t *lsock; 4570 4571 UNLINK_EXPR_SLIST(lsock, fd_list, fd == 4572 UNLINK_EXPR_SLIST_CURRENT()->fd, link, vsock_t); 4573 4574 if (NULL == lsock) 4575 return; 4576 4577 switch (lsock->type) { 4578 4579 case FD_TYPE_SOCKET: 4580 #ifdef HAVE_IO_COMPLETION_PORT 4581 if (ep != NULL) { 4582 io_completion_port_remove_socket(fd, ep); 4583 } 4584 #endif 4585 closesocket(lsock->fd); 4586 break; 4587 4588 case FD_TYPE_FILE: 4589 closeserial((int)lsock->fd); 4590 break; 4591 4592 default: 4593 msyslog(LOG_ERR, 4594 "internal error - illegal descriptor type %d - EXITING", 4595 (int)lsock->type); 4596 exit(1); 4597 } 4598 4599 free(lsock); 4600 /* 4601 * remove from activefds 4602 */ 4603 maintain_activefds(fd, 1); 4604 } 4605 4606 4607 static void 4608 add_addr_to_list( 4609 sockaddr_u * addr, 4610 endpt * ep 4611 ) 4612 { 4613 remaddr_t *laddr; 4614 4615 #ifdef DEBUG 4616 if (find_addr_in_list(addr) == NULL) { 4617 #endif 4618 /* not there yet - add to list */ 4619 laddr = emalloc(sizeof(*laddr)); 4620 laddr->addr = *addr; 4621 laddr->ep = ep; 4622 4623 LINK_SLIST(remoteaddr_list, laddr, link); 4624 4625 DPRINTF(4, ("Added addr %s to list of addresses\n", 4626 stoa(addr))); 4627 #ifdef DEBUG 4628 } else 4629 DPRINTF(4, ("WARNING: Attempt to add duplicate addr %s to address list\n", 4630 stoa(addr))); 4631 #endif 4632 } 4633 4634 4635 static void 4636 delete_addr_from_list( 4637 sockaddr_u *addr 4638 ) 4639 { 4640 remaddr_t *unlinked; 4641 4642 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, SOCK_EQ(addr, 4643 &(UNLINK_EXPR_SLIST_CURRENT()->addr)), link, remaddr_t); 4644 4645 if (unlinked != NULL) { 4646 DPRINTF(4, ("Deleted addr %s from list of addresses\n", 4647 stoa(addr))); 4648 free(unlinked); 4649 } 4650 } 4651 4652 4653 static void 4654 delete_interface_from_list( 4655 endpt *iface 4656 ) 4657 { 4658 remaddr_t *unlinked; 4659 4660 for (;;) { 4661 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, iface == 4662 UNLINK_EXPR_SLIST_CURRENT()->ep, link, 4663 remaddr_t); 4664 4665 if (unlinked == NULL) 4666 break; 4667 DPRINTF(4, ("Deleted addr %s for interface #%d %s from list of addresses\n", 4668 stoa(&unlinked->addr), iface->ifnum, 4669 iface->name)); 4670 free(unlinked); 4671 } 4672 } 4673 4674 4675 static endpt * 4676 find_addr_in_list( 4677 sockaddr_u *addr 4678 ) 4679 { 4680 remaddr_t *entry; 4681 4682 DPRINTF(4, ("Searching for addr %s in list of addresses - ", 4683 stoa(addr))); 4684 4685 for (entry = remoteaddr_list; 4686 entry != NULL; 4687 entry = entry->link) 4688 if (SOCK_EQ(&entry->addr, addr)) { 4689 DPRINTF(4, ("FOUND\n")); 4690 return entry->ep; 4691 } 4692 4693 DPRINTF(4, ("NOT FOUND\n")); 4694 return NULL; 4695 } 4696 4697 4698 /* 4699 * Find the given address with the all given flags set in the list 4700 */ 4701 static endpt * 4702 find_flagged_addr_in_list( 4703 sockaddr_u * addr, 4704 u_int32 flags 4705 ) 4706 { 4707 remaddr_t *entry; 4708 4709 DPRINTF(4, ("Finding addr %s with flags %d in list: ", 4710 stoa(addr), flags)); 4711 4712 for (entry = remoteaddr_list; 4713 entry != NULL; 4714 entry = entry->link) 4715 4716 if (SOCK_EQ(&entry->addr, addr) 4717 && (entry->ep->flags & flags) == flags) { 4718 4719 DPRINTF(4, ("FOUND\n")); 4720 return entry->ep; 4721 } 4722 4723 DPRINTF(4, ("NOT FOUND\n")); 4724 return NULL; 4725 } 4726 4727 4728 const char * 4729 localaddrtoa( 4730 endpt *la 4731 ) 4732 { 4733 return (NULL == la) 4734 ? "<null>" 4735 : stoa(&la->sin); 4736 } 4737 4738 4739 #ifdef HAS_ROUTING_SOCKET 4740 # ifndef UPDATE_GRACE 4741 # define UPDATE_GRACE 3 /* min. UPDATE_GRACE - 1 seconds before scanning */ 4742 # endif 4743 4744 static void 4745 process_routing_msgs(struct asyncio_reader *reader) 4746 { 4747 static void * buffer; 4748 static size_t buffsz = 8192; 4749 int cnt, new, msg_type; 4750 socklen_t len; 4751 #ifdef HAVE_RTNETLINK 4752 struct nlmsghdr *nh; 4753 #else 4754 struct rt_msghdr rtm; 4755 char *p; 4756 char *endp; 4757 #endif 4758 4759 if (scan_addrs_once) { 4760 /* 4761 * discard ourselves if we are not needed any more 4762 * usually happens when running unprivileged 4763 */ 4764 goto disable; 4765 } 4766 4767 if (NULL == buffer) { 4768 buffer = emalloc(buffsz); 4769 } 4770 4771 cnt = read(reader->fd, buffer, buffsz); 4772 4773 if (cnt < 0) { 4774 if (errno == ENOBUFS) { 4775 /* increase socket buffer by 25% */ 4776 len = sizeof cnt; 4777 if (0 > getsockopt(reader->fd, SOL_SOCKET, SO_RCVBUF, &cnt, &len) || 4778 sizeof cnt != len) { 4779 msyslog(LOG_ERR, 4780 "routing getsockopt SO_RCVBUF %u %u: %m - disabling", 4781 (u_int)cnt, (u_int)sizeof cnt); 4782 goto disable; 4783 } 4784 new = cnt + (cnt / 4); 4785 if (0 > setsockopt(reader->fd, SOL_SOCKET, SO_RCVBUF, &new, sizeof new)) { 4786 msyslog(LOG_ERR, 4787 "routing setsockopt SO_RCVBUF %d -> %d: %m - disabling", 4788 cnt, new); 4789 goto disable; 4790 } 4791 } else { 4792 msyslog(LOG_ERR, 4793 "routing socket reports: %m - disabling"); 4794 disable: 4795 remove_asyncio_reader(reader); 4796 delete_asyncio_reader(reader); 4797 return; 4798 } 4799 } 4800 4801 /* 4802 * process routing message 4803 */ 4804 #ifdef HAVE_RTNETLINK 4805 for (nh = buffer; NLMSG_OK(nh, cnt); nh = NLMSG_NEXT(nh, cnt)) 4806 { 4807 msg_type = nh->nlmsg_type; 4808 #else 4809 for (p = buffer, endp = p + cnt; 4810 (p + sizeof(struct rt_msghdr)) <= endp; 4811 p += rtm.rtm_msglen) 4812 { 4813 memcpy(&rtm, p, sizeof(rtm)); 4814 if (rtm.rtm_version != RTM_VERSION) { 4815 msyslog(LOG_ERR, 4816 "version mismatch (got %d - expected %d) on routing socket - disabling", 4817 rtm.rtm_version, RTM_VERSION); 4818 4819 remove_asyncio_reader(reader); 4820 delete_asyncio_reader(reader); 4821 return; 4822 } 4823 msg_type = rtm.rtm_type; 4824 #endif /* !HAVE_RTNETLINK */ 4825 switch (msg_type) { 4826 #ifdef RTM_NEWADDR 4827 case RTM_NEWADDR: 4828 #endif 4829 #ifdef RTM_DELADDR 4830 case RTM_DELADDR: 4831 #endif 4832 #ifdef RTM_ADD 4833 case RTM_ADD: 4834 #endif 4835 #ifdef RTM_DELETE 4836 case RTM_DELETE: 4837 #endif 4838 #ifdef RTM_REDIRECT 4839 case RTM_REDIRECT: 4840 #endif 4841 #ifdef RTM_CHANGE 4842 case RTM_CHANGE: 4843 #endif 4844 #ifdef RTM_LOSING 4845 case RTM_LOSING: 4846 #endif 4847 #ifdef RTM_IFINFO 4848 case RTM_IFINFO: 4849 #endif 4850 #ifdef RTM_IFANNOUNCE 4851 case RTM_IFANNOUNCE: 4852 #endif 4853 #ifdef RTM_NEWLINK 4854 case RTM_NEWLINK: 4855 #endif 4856 #ifdef RTM_DELLINK 4857 case RTM_DELLINK: 4858 #endif 4859 #ifdef RTM_NEWROUTE 4860 case RTM_NEWROUTE: 4861 #endif 4862 #ifdef RTM_DELROUTE 4863 case RTM_DELROUTE: 4864 #endif 4865 /* 4866 * we are keen on new and deleted addresses and 4867 * if an interface goes up and down or routing 4868 * changes 4869 */ 4870 DPRINTF(3, ("routing message op = %d: scheduling interface update\n", 4871 msg_type)); 4872 endpt_scan_timer = UPDATE_GRACE + current_time; 4873 break; 4874 #ifdef HAVE_RTNETLINK 4875 case NLMSG_DONE: 4876 /* end of multipart message */ 4877 return; 4878 #endif 4879 default: 4880 /* 4881 * the rest doesn't bother us. 4882 */ 4883 DPRINTF(4, ("routing message op = %d: ignored\n", 4884 msg_type)); 4885 break; 4886 } 4887 } 4888 } 4889 4890 /* 4891 * set up routing notifications 4892 */ 4893 static void 4894 init_async_notifications(void) 4895 { 4896 struct asyncio_reader *reader; 4897 #ifdef HAVE_RTNETLINK 4898 int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); 4899 struct sockaddr_nl sa; 4900 #else 4901 int fd = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); 4902 #endif 4903 if (fd < 0) { 4904 msyslog(LOG_ERR, 4905 "unable to open routing socket (%m) - using polled interface update"); 4906 return; 4907 } 4908 4909 fd = move_fd(fd); 4910 #ifdef HAVE_RTNETLINK 4911 ZERO(sa); 4912 sa.nl_family = PF_NETLINK; 4913 sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR 4914 | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE 4915 | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE 4916 | RTMGRP_IPV6_MROUTE; 4917 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { 4918 msyslog(LOG_ERR, 4919 "bind failed on routing socket (%m) - using polled interface update"); 4920 return; 4921 } 4922 #endif 4923 make_socket_nonblocking(fd); 4924 #if defined(HAVE_SIGNALED_IO) 4925 init_socket_sig(fd); 4926 #endif /* HAVE_SIGNALED_IO */ 4927 4928 reader = new_asyncio_reader(); 4929 4930 reader->fd = fd; 4931 reader->receiver = process_routing_msgs; 4932 4933 add_asyncio_reader(reader, FD_TYPE_SOCKET); 4934 msyslog(LOG_INFO, 4935 "Listening on routing socket on fd #%d for interface updates", 4936 fd); 4937 } 4938 #else 4939 /* HAS_ROUTING_SOCKET not defined */ 4940 static void 4941 init_async_notifications(void) 4942 { 4943 } 4944 #endif 4945